[Mailman-Users] Subscription flood

Robert Heller heller at deepsoft.com
Fri May 9 22:01:53 CEST 2014 

At Fri, 09 May 2014 14:12:57 -0500 Bill Christensen <billc_lists at greenbuilder.com> wrote:

> 
> On 5/9/14 1:25 PM, Mark Sapiro wrote:
> > On 05/09/2014 10:46 AM, Bill Christensen wrote:
> >> I temporarily removed the signup form from the listinfo page in hopes of
> >> stemming the tide, and replaced it with a request to use the site's
> >> contact form so that we can manually add interested subscribers.  I
> >> purposely don't have a subscribe email address set up for this list.
> >> But somehow they're still coming in - another 1300+ since yesterday.
> >
> > They probably aren't using the subscribe form on the listinfo page but
> > rather posting the data directly to the subscribe CGI. Try moving
> > mailman's cgi-bin/subscribe aside to totally disable web subscribe.
> >
> I expect that will affect my other lists as well, no?

Yes.

> 
> Is there a way that I can just have it affect this one problematic 
> list?  If I change the name of cgi-bin/subscribe and any references to 
> it (at least until the next update), do you think that will make a 
> difference?

Maybe.  Maybe not.  If the spammer's are clever enough, they could just go 
back to the form (or the form on one of the other lists served by your server) 
and find the new name for the subscribe script by looking at the <form> tag.

You *best* option would be to firewall the offending IP address from which the 
attack is comming.  It is *very* likely that these attacks are coming from 
China or someplace where your legit subscriber base is not going to be coming 
from, so blocking the IP address(es) (or subnet(s)) won't affect legit 
subscribion requests.  This is done in the mailman.conf file in the 
/etc/httpd/conf.d/ directory (or possibly in an .htaccess file in Mailman's 
cgibin directory, if AllowOverride is YES).  Or use fail2ban to use iptables 
to block IP addresses that issue too many subscribe requests.  fail2ban is 
very effective at dealing with *any* sort of brute force attach.

> ------------------------------------------------------
> Mailman-Users mailing list Mailman-Users at python.org
> https://mail.python.org/mailman/listinfo/mailman-users
> Mailman FAQ: http://wiki.list.org/x/AgA3
> Security Policy: http://wiki.list.org/x/QIA9
> Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
> Unsubscribe: https://mail.python.org/mailman/options/mailman-users/heller%40deepsoft.com
> 
>                                                                                                                              

-- 
Robert Heller             -- 978-544-6933 / heller at deepsoft.com
Deepwoods Software        -- http://www.deepsoft.com/
()  ascii ribbon campaign -- against html e-mail
/\  www.asciiribbon.org   -- against proprietary attachments

More information about the Mailman-Users mailing list