Bogus Email Subscription Requests using Axios
Running Mailman 2.1.15 on CentOS 7.
In the last week or so I started getting bogus subscription attempts. The attempts are seen in /var/log/httpd/ssl_access.log:
66.78.5.8 - - [27/May/2021:22:46:06 -1000] "POST /mailman//subscribe/mailman HTTP/1.1" 200 1171 "-" "axios/0.19.2" 67.203.60.115 - - [27/May/2021:22:51:15 -1000] "POST /mailman//subscribe/mylist HTTP/1.1" 200 1164 "-" "axios/0.19.2" 173.46.92.221 - - [27/May/2021:22:51:15 -1000] "POST /mailman//subscribe/ott HTTP/1.1" 200 1143 "-" "axios/0.19.2" 185.206.222.31 - - [27/May/2021:22:51:15 -1000] "POST /mailman//subscribe/sundayjammers HTTP/1.1" 200 1213 "-" "axios/0.19.2" 185.206.222.85 - - [27/May/2021:22:51:36 -1000] "POST /mailman//subscribe/ott HTTP/1.1" 200 1143 "-" "axios/0.19.2" 67.207.184.138 - - [27/May/2021:22:51:37 -1000] "POST /mailman//subscribe/cdh_board HTTP/1.1" 200 1185 "-" "axios/0.19.2" 173.211.37.87 - - [27/May/2021:22:51:37 -1000] "POST /mailman//subscribe/test HTTP/1.1" 200 1150 "-" "axios/0.19.2"
My attempt to block these does not appear to be working. Suggestions please?
RewriteEngine on RewriteCond %{REQUEST_METHOD} POST RewriteCond "%{HTTP_USER_AGENT}" "^axios" RewriteRule ^/mailman//subscribe/ - [F]
On 5/30/21 1:27 AM, enews@jdb.homelinux.net wrote:
My attempt to block these does not appear to be working. Suggestions please?
RewriteEngine on RewriteCond %{REQUEST_METHOD} POST RewriteCond "%{HTTP_USER_AGENT}" "^axios" RewriteRule ^/mailman//subscribe/ - [F]
I'm not sure why the above doesn't work assuming that you have mod_rewrite enabled. You might try dropping the POST condition and changing the rule to just
RewriteRule ^/mailman/ - [F]
I doubt you get any legitimate 'non-crawler' type requests from axios agents.
participants (2)
-
enews@jdb.homelinux.net -
Mark Sapiro