[Mailman-Users] subscription flood, redux

2021-07-29 Thread Stephen J. Turnbull
Karl Berry writes: I'm surprised Mark hasn't chimed in, maybe he's out on a boat catching salmon. Don't know when he'll be back, so here's what little I can say. > 1) The above mailman-users thread refers to using fail2ban. The set in https://github.com/fail2ban/fail2ban/tree/master/config/fil

[Mailman-Users] subscription flood, redux

2021-07-28 Thread Karl Berry
I was just hit with a subscription flood, along the lines of https://mail.python.org/pipermail/mailman-users/2014-May/076880.html https://bugs.launchpad.net/mailman/+bug/1082746 I've mitigated the current attack, but it's happened before and will happen again. I'm already using SUBSCRIBE_FORM_

Re: [Mailman-Users] Subscription flood

2014-05-14 Thread Bill Christensen
That did the trick. Thanks again. On Wed, May 14, 2014 at 11:39 PM, Mark Sapiro wrote: > On 05/14/2014 07:58 PM, Bill Christensen wrote: > > Here you go: > > > > admin(38814): [- Traceback --] > > admin(38814): Traceback (most recent call last): > > admin(38814): File "/opt/local/sha

Re: [Mailman-Users] Subscription flood

2014-05-14 Thread Mark Sapiro
On 05/14/2014 07:58 PM, Bill Christensen wrote: > Here you go: > > admin(38814): [- Traceback --] > admin(38814): Traceback (most recent call last): > admin(38814): File "/opt/local/share/mailman/ > scripts/driver", line 112, in run_main > admin(38814): main() > admin(38814): File

Re: [Mailman-Users] Subscription flood

2014-05-14 Thread Bill Christensen
Here you go: admin(38814): [- Traceback --] admin(38814): Traceback (most recent call last): admin(38814): File "/opt/local/share/mailman/ scripts/driver", line 112, in run_main admin(38814): main() admin(38814): File "/opt/local/share/mailman/Mailman/Cgi/subscribe.py", line 63, in

Re: [Mailman-Users] Subscription flood

2014-05-14 Thread Mark Sapiro
On 05/14/2014 10:42 AM, Bill Christensen wrote: > > The problem_list gets "we hit a bug", but since I've taken the > subscription form off the listinfo page the only ones who will get that > are the spammers. It shouldn't get that. There is still something wrong with the patch or its application

Re: [Mailman-Users] Subscription flood

2014-05-14 Thread Jan Steinman
> I've got a problem with one of my lists where it's being flooded with > spurious subscription requests... from the same address... Perhaps obvious, and perhaps in the FAQ Mark linked, but this sounds like a job for ipfw to me. I regularly get spambot subscription requests, and they go right i

Re: [Mailman-Users] Subscription flood

2014-05-14 Thread Bill Christensen
On 5/14/14 10:35 AM, Mark Sapiro wrote: Sorry, that's my mistake. It should be if listname == 'problem_list': i.e., ==, not =. Comparing subscribe.py with subscribe.py.bak, it appears that it's in there as written. I was wondering about that. Thanks. Now the problem_list is disallowed from w

Re: [Mailman-Users] Subscription flood

2014-05-14 Thread Mark Sapiro
On 05/14/2014 08:20 AM, Bill Christensen wrote: > Thanks. > > Running the patch I got: > > patching file /path/to/mailman/Mailman/Cgi/subscribe.py > patch unexpectedly ends in middle of line > Hunk #1 succeeded at 53 with fuzz 1 (offset -1 lines). > > (with the actual path in there) The patch

Re: [Mailman-Users] Subscription flood

2014-05-14 Thread Bill Christensen
Thanks. Running the patch I got: patching file /path/to/mailman/Mailman/Cgi/subscribe.py patch unexpectedly ends in middle of line Hunk #1 succeeded at 53 with fuzz 1 (offset -1 lines). (with the actual path in there) When trying to run a subscription I got the "We hit a bug" error. Error log

Re: [Mailman-Users] Subscription flood

2014-05-13 Thread Mark Sapiro
On 05/13/2014 12:54 PM, Bill Christensen wrote: > > Sorry to be dense, but how do I apply that patch? 1) Save the patch to a file. 2) Edit the file with an editor that won't change indentation or wrap or fill lines, i.e. a text editor, not a word processor, and change problem_list in the line +

Re: [Mailman-Users] Subscription flood

2014-05-13 Thread Bill Christensen
Very wide. Vietnam, China, New York, France just at a quick look. I'm looking into fail2ban now. Thanks to those of you who have mentioned it. On Tue, May 13, 2014 at 3:12 PM, Robert Heller wrote: > At Tue, 13 May 2014 14:54:26 -0500 Bill Christensen < > billc_li...@greenbuilder.com> wrote:

Re: [Mailman-Users] Subscription flood

2014-05-13 Thread Robert Heller
At Tue, 13 May 2014 14:54:26 -0500 Bill Christensen wrote: > > I finally got a chance to look over the logs today; this is a widely > distributed attack, so address blocking is probably futile. How widely? It *could* be a /16 subnet (e.g. distributed over 2^^16 addresses) somewhere in an 'odd' p

Re: [Mailman-Users] Subscription flood

2014-05-13 Thread Bill Christensen
I finally got a chance to look over the logs today; this is a widely distributed attack, so address blocking is probably futile. Sorry to be dense, but how do I apply that patch? Thanks On Fri, May 9, 2014 at 3:19 PM, Mark Sapiro wrote: > On 05/09/2014 12:12 PM, Bill Christensen wrote: > > >

Re: [Mailman-Users] Subscription flood

2014-05-09 Thread Mark Sapiro
On 05/09/2014 12:12 PM, Bill Christensen wrote: > > Is there a way that I can just have it affect this one problematic > list? If I change the name of cgi-bin/subscribe and any references to > it (at least until the next update), do you think that will make a > difference? It seems to me the ea

Re: [Mailman-Users] Subscription flood

2014-05-09 Thread Robert Heller
At Fri, 09 May 2014 14:12:57 -0500 Bill Christensen wrote: > > On 5/9/14 1:25 PM, Mark Sapiro wrote: > > On 05/09/2014 10:46 AM, Bill Christensen wrote: > >> I temporarily removed the signup form from the listinfo page in hopes of > >> stemming the tide, and replaced it with a request to use th

Re: [Mailman-Users] Subscription flood

2014-05-09 Thread Robert Heller
At Fri, 09 May 2014 12:46:42 -0500 Bill Christensen wrote: > > On 5/8/14 12:02 PM, Mark Sapiro wrote: > > On 05/08/2014 09:31 AM, Bill Christensen wrote: > >> Question 1: Is it possible to reverse the order of approval and > >> confirmation when requiring both? The admin then can reject all th

Re: [Mailman-Users] Subscription flood

2014-05-09 Thread Bill Christensen
On 5/9/14 1:25 PM, Mark Sapiro wrote: On 05/09/2014 10:46 AM, Bill Christensen wrote: I temporarily removed the signup form from the listinfo page in hopes of stemming the tide, and replaced it with a request to use the site's contact form so that we can manually add interested subscribers. I p

Re: [Mailman-Users] Subscription flood

2014-05-09 Thread Stephen J. Turnbull
Mark Sapiro writes: > They probably aren't using the subscribe form on the listinfo page but > rather posting the data directly to the subscribe CGI. Try moving > mailman's cgi-bin/subscribe aside to totally disable web subscribe. Yeah, this seems like a different attack from the last one I he

Re: [Mailman-Users] Subscription flood

2014-05-09 Thread Mark Sapiro
On 05/09/2014 10:46 AM, Bill Christensen wrote: > > I temporarily removed the signup form from the listinfo page in hopes of > stemming the tide, and replaced it with a request to use the site's > contact form so that we can manually add interested subscribers. I > purposely don't have a subscrib

Re: [Mailman-Users] Subscription flood

2014-05-09 Thread Bill Christensen
On 5/8/14 12:02 PM, Mark Sapiro wrote: On 05/08/2014 09:31 AM, Bill Christensen wrote: Question 1: Is it possible to reverse the order of approval and confirmation when requiring both? The admin then can reject all those with duplicates, only allowing the (presumably real) single subscription r

Re: [Mailman-Users] Subscription flood

2014-05-08 Thread Adam McGreggor
On Thu, May 08, 2014 at 11:31:14AM -0500, Bill Christensen wrote: > I've got a problem with one of my lists where it's being flooded > with spurious subscription requests. […] > About 12 hrs ago I switched it to require Admin approval. 500+ > subscription requests - mostly in batches of 5-10 fro

Re: [Mailman-Users] Subscription flood

2014-05-08 Thread Mark Sapiro
On 05/08/2014 09:31 AM, Bill Christensen wrote: > > Question 1: Is it possible to reverse the order of approval and > confirmation when requiring both? The admin then can reject all those > with duplicates, only allowing the (presumably real) single subscription > requests to send out a confirmat

[Mailman-Users] Subscription flood

2014-05-08 Thread Bill Christensen
Hi all, I've got a problem with one of my lists where it's being flooded with spurious subscription requests. The list was set to require subscription confirmation; the innocent victims whose addresses were used for the subscription requests started complaining, as they'd get anywhere from 2