Mark Sapiro writes:
> I can see that if your attackers get smarter, the real name check could
> be useful, but I'm not ready to add that as a feature. That could change
> if they successfully attack me, but that hasn't happened yet.
Based on past experience, by "me" Mark means "you, too". He'
On 12/22/2016 04:05 PM, Jim Popovitch wrote:
>
> Just to be clear, the bots are doing a GET of the listinfo page,
> extracting the token, and then (mis)forming the GET URL like this:
>
> 89.32.127.178 - - [22/Dec/2016:23:53:29 +] "GET
> /mailman/listinfo/users HTTP/1.1" 200 2866 "-" "Mozilla/
On Thu, Dec 22, 2016 at 6:55 PM, Mark Sapiro wrote:
> On 12/22/2016 03:38 PM, Jim Popovitch wrote:
>>
>> I'm seeing GET attempts like this:
>>
>> 77.247.181.165 - - [22/Dec/2016:23:30:10 +] "GET
>> /subscribe/users?sub_form_token=1527449307%3A0ca6e66379d0e6e9c45b66d93d5864da4621&email=jcon
On 12/22/2016 03:38 PM, Jim Popovitch wrote:
>
> I'm seeing GET attempts like this:
>
> 77.247.181.165 - - [22/Dec/2016:23:30:10 +] "GET
> /subscribe/users?sub_form_token=1527449307%3A0ca6e66379d0e6e9c45b66d93d5864da4621&email=jconno2215%40gmail.com&fullname=585c61c234d98&pw=&pw-conf=&dig
On 12/22/2016 01:53 PM, Jim Popovitch wrote:
>
> I know the GLOBAL_BAN_LIST is for email addrs, but what would it take
> to implement the same (or some field validation logic) for the
> "fullname" field of the subscription page. I'm still seeing a ton of
> subscribe spam attempts, and the fullna
On Thu, Dec 22, 2016 at 6:26 PM, Mark Sapiro wrote:
> On 12/22/2016 03:01 PM, Jim Popovitch wrote:
>>
>> I think i have a better solution, (but I'm not so sure how to do this
>> in Apache). In Nginx you can use "limit_except PUT { deny all; }"
>> to deny the spambot GET attempts.
>
> in apache 2
On 12/22/2016 03:01 PM, Jim Popovitch wrote:
>
> I think i have a better solution, (but I'm not so sure how to do this
> in Apache). In Nginx you can use "limit_except PUT { deny all; }"
> to deny the spambot GET attempts.
in apache 2.4 you would do
Require all denied
Requi
On Thu, Dec 22, 2016 at 4:53 PM, Jim Popovitch wrote:
> On Tue, Dec 13, 2016 at 12:35 PM, Mark Sapiro wrote:
>>
>> Steve has answered most of this. I just want to add a couple of things.
>> With respect to web subscribes, several sites including python.org have
>> seen mail bomb attacks via the w
On Tue, Dec 13, 2016 at 12:35 PM, Mark Sapiro wrote:
>
> Steve has answered most of this. I just want to add a couple of things.
> With respect to web subscribes, several sites including python.org have
> seen mail bomb attacks via the web subscribe interface.
>
> These are subscribes via the web
On 12/12/2016 03:07 PM, Edward Hasbrouck wrote:
>
> How can I stop this? I am willing to give up "subscribe to this list by
> e-mail", and require all subscriptions to be via the Web.
Steve has answered most of this. I just want to add a couple of things.
With respect to web subscribes, severa
On 12/13/2016 03:54 AM, Stephen J. Turnbull wrote:
> Edward Hasbrouck writes:
>
> > How can I stop this? I am willing to give up "subscribe to this list by
> > e-mail", and require all subscriptions to be via the Web.
>
> Set Privacy Options | subscribe_policy to "Require approval".
That won
Edward Hasbrouck writes:
> (2) Spam with forged "From:" headers is sent to
> "listname-requ...@domain.com".
> How can I stop this? I am willing to give up "subscribe to this list by
> e-mail", and require all subscriptions to be via the Web.
Set Privacy Options | subscribe_policy to "Requi
My mail server has been blacklisted by several major e-mail providers
because of backscatter spam generated by my Mailman installation:
(1) Spammers harvest the "listname-requ...@domain.com" address from a
public Web page (presumably the Mailman admin page).
(2) Spam with forged "From:" header
13 matches
Mail list logo
