July 16, 2024
7:33 p.m.
Hello,
We're running mailman 2.
Quite a few script kiddies and other idiots have figured out that they can use our mailman installation to annoy people. They bypass the subscribe page directly, and run cgi-bin/subscribe directly - many, many times.
We fixed the problem by removing the appropriate executable permission from cgi-bin/subscribe and rewriting the list info page to handle subscriptions differently. (We removed the Subscribe fields and button.)
While this works, it's inelegant and a bit convoluted.
Is there another way to prevent this, and leave the default info page intact?
Thanks.
::Jack