[Mailman-Users] Automated Subscription Bots Inundating List Owners With Subscription Requests

Kalbfleisch, Gary GaryK at shoreline.edu
Tue Oct 23 18:28:20 CEST 2012

Note that for the majority of what I  have seen in this attack it is the return email messages that the exploiters desire.  I have seen some subscriptions actually get through but I have not seen them exploited in any way other than to add to the flood of emails to the subscriber.  I have seen some evidence that these accounts may have been used in an attempt to harvest email address.  I have of course deleted all of these accounts so I won't have the opportunity to observe how else they might be used.

 As a result of this activity I have changed all lists so that confirmation is required for all subscriptions, and only list owners can view the list of subscribers.  The confirmations don't actually solve the email bombing problem but it will keep bogus subscriptions to a minimum.  I have implemented some iptables filters as noted previously but I have not yet opened up the web interface externally.  I have been monitoring traffic directed to port 80 on my Mailman server and it has gone down significantly since I put up the block.  I may open it up again next week to see how my iptables filters work.

-- Gary Kalbfleisch 
-- Director of Technology Support Services 
-- Shoreline Community College 
-- (206) 546-5813 
-- (206) 546-6943 Fax 

> -----Original Message-----
> From: Mailman-Users [mailto:mailman-users-
> bounces+garyk=shoreline.edu at python.org] On Behalf Of jdd
> Sent: Tuesday, October 23, 2012 8:42 AM
> To: mailman-users at python.org
> Subject: Re: [Mailman-Users] Automated Subscription Bots Inundating List
> Owners With Subscription Requests
> Le 23/10/2012 17:17, Carl Zwanzig a écrit :
> > I've used a similar method for help email to places like yahoo. At the
> > bottom of the text I ask "Please tell me your favorite color so I know
> > I'm working with a real person." Seems to work.
> yes I also have "public" passwd on a wiki. By the way the pas is not on the
> wiki page but on the mail I send to user.
> that said there are some real human paid to catch web site, and against that
> no luck :-(
> jdd
> --
> http://www.dodin.org
> http://jddtube.dodin.org/20120616-52-highway_v1115
> ------------------------------------------------------
> Mailman-Users mailing list Mailman-Users at python.org
> http://mail.python.org/mailman/listinfo/mailman-users
> Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy:
> http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-
> archive.com/mailman-users%40python.org/
> Unsubscribe: http://mail.python.org/mailman/options/mailman-
> users/garyk%40shoreline.edu

More information about the Mailman-Users mailing list