ISO speciific RegExp to filter/discard bot subscribe requests
Hello, We have a list running on Mailman version 2.1.20.
Over the last several days began receiving hundreds of bot subscription requests (all gmail addresses).
All of format like: blech+12345678@gmail.com zark+98765432@gmail.com
In attempt to solve this issue, entered the following regex lines in Privacy Options -> Subscription Rules -> ban_list
^.*blech ^.*zark
Temporarily did the job, but the bot(s) adapted and changed the prefix of the address string to:
crap+12345678@gmail.com grum+98765432@gmail.com
Common to ALL of the bot subscribe requests is including within the the email address a "+" symbol.
So I tried entering RegExp ^.*+ but Mailman rejected this entry.
But was able to enter RegExp of ^.*/+ However that allowed all the bot spam requests through.
Unable to keep up with the bots changing the address prefix.
Can anyone recommend an example of a RegExp entry which would prevent/solve this dilemma?
Note: I've searched the Mailman-Users list archives and noted Mr. Yardley's recent posts, but not able to implement his solution as I don't have access the server. (so also unable to configure SUBSCRIBE_FORM_SECRET solution).
Thank you for any ideas.
On 08/27/2015 02:49 AM, Nelson Kelly wrote:
Because '+' means 1 or more of the preceding, but the preceding is a repeat itself so it's a bad regexp.
But was able to enter RegExp of ^.*/+ However that allowed all the bot spam requests through.
because that says 0 or more of anything followed by 1 or more slashes (/) which is unlikely to match anything. (You probably wanted ^.*\+ but see below.)
Yes.
^.*\+\d{3,}@
See <https://mail.python.org/pipermail/mailman-users/2015-August/079668.html> for a bit more.
-- Mark Sapiro <mark@msapiro.net> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan
On 8/29/2015 5:53 PM, Mark Sapiro wrote:
Inserted the above recommended RegExp string into the ban_list, and within minutes subscribe request bot spam began showing up in the mod queue.
All the new spams appear to be of a slightly different format from which I described in the OP.
blahblah+blah-blah-blah-blah-12345678@gmail.com blah_12_34+blah-blah-blah-blah-12345678@hotmail.com
Indeed I need to learn how to generate my own Regular Expressions. But until then I'll rely on your advice. I can post the actual list of spam addresses if that is preferred. Thanks.
On Sun, Aug 30, 2015 at 02:06:26AM -0700, Nelson Kelly wrote: [...]
Try this regex instead:
^.*\+.*?\d{3,}@
The meaning of it is:
^ start of string .* any number of characters \+ a literal plus sign .*? any number of characters (non-greedy) \d{3,} at least three digits @ a literal at sign
I'm not sure if the difference between "non-greedy" .*? and "greedy" .* is important in this case.
Good luck!
-- Steve
On 08/30/2015 04:43 AM, Steven D'Aprano wrote:
I'm now seeing these too.
It doesn't matter here. It would matter if there were groups. E.g.,
^.*\+(.*?)(\d{3,})@
In this case, the (.*?) group would match everything after the '+' up to and not including the digits and the (\d{3,}) group would match all the digits.
If the first group were greedy, i.e. (.*) without the ?, it would match up to the last 3 digits and the (\d{3,}) group would match only the last 3 digits.
-- Mark Sapiro <mark@msapiro.net> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan
On 08/27/2015 02:49 AM, Nelson Kelly wrote:
Because '+' means 1 or more of the preceding, but the preceding is a repeat itself so it's a bad regexp.
But was able to enter RegExp of ^.*/+ However that allowed all the bot spam requests through.
because that says 0 or more of anything followed by 1 or more slashes (/) which is unlikely to match anything. (You probably wanted ^.*\+ but see below.)
Yes.
^.*\+\d{3,}@
See <https://mail.python.org/pipermail/mailman-users/2015-August/079668.html> for a bit more.
-- Mark Sapiro <mark@msapiro.net> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan
On 8/29/2015 5:53 PM, Mark Sapiro wrote:
Inserted the above recommended RegExp string into the ban_list, and within minutes subscribe request bot spam began showing up in the mod queue.
All the new spams appear to be of a slightly different format from which I described in the OP.
blahblah+blah-blah-blah-blah-12345678@gmail.com blah_12_34+blah-blah-blah-blah-12345678@hotmail.com
Indeed I need to learn how to generate my own Regular Expressions. But until then I'll rely on your advice. I can post the actual list of spam addresses if that is preferred. Thanks.
On Sun, Aug 30, 2015 at 02:06:26AM -0700, Nelson Kelly wrote: [...]
Try this regex instead:
^.*\+.*?\d{3,}@
The meaning of it is:
^ start of string .* any number of characters \+ a literal plus sign .*? any number of characters (non-greedy) \d{3,} at least three digits @ a literal at sign
I'm not sure if the difference between "non-greedy" .*? and "greedy" .* is important in this case.
Good luck!
-- Steve
On 08/30/2015 04:43 AM, Steven D'Aprano wrote:
I'm now seeing these too.
It doesn't matter here. It would matter if there were groups. E.g.,
^.*\+(.*?)(\d{3,})@
In this case, the (.*?) group would match everything after the '+' up to and not including the digits and the (\d{3,}) group would match all the digits.
If the first group were greedy, i.e. (.*) without the ?, it would match up to the last 3 digits and the (\d{3,}) group would match only the last 3 digits.
-- Mark Sapiro <mark@msapiro.net> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan
participants (3)
-
Mark Sapiro -
Nelson Kelly -
Steven D'Aprano