[Mailman-Users] Subscription flood

Robert Heller heller at deepsoft.com
Tue May 13 22:12:14 CEST 2014 

At Tue, 13 May 2014 14:54:26 -0500 Bill Christensen <billc_lists at greenbuilder.com> wrote:

> 
> I finally got a chance to look over the logs today; this is a widely
> distributed attack, so address blocking is probably futile.

How widely?  It *could* be a /16 subnet (eg distributed over 2^^16 address) 
somewhere in an 'odd' part of the world (somewhere your potential subscriber 
base is not likely to be from).

Even if it is widely distributed, fail2ban might do what you need.  The 
*worst* the fail2ban would do is make things difficult for a *few* legit 
subscription requesters.

> 
> Sorry to be dense, but how do I apply that patch?
> 
> Thanks
> 
> 
> On Fri, May 9, 2014 at 3:19 PM, Mark Sapiro <mark at msapiro.net> wrote:
> 
> > On 05/09/2014 12:12 PM, Bill Christensen wrote:
> > >
> > > Is there a way that I can just have it affect this one problematic
> > > list?  If I change the name of cgi-bin/subscribe and any references to
> > > it (at least until the next update), do you think that will make a
> > > difference?
> >
> >
> > It seems to me the easiest way to do this is to apply the attached patch
> > to Mailman/Cgi/subscribe.py. Change problem_list to the actual list name
> > and if you don't want the logging, remove the syslog line.
> >
> > But as others have suggested, look at your web server logs (or the
> > subscribe confirmation emails) to get the IP address(es) that are
> > submitting them. If they all come from a single IP or netblock, block
> > that with iptables or whatever firewall you have.
> >
> > --
> > Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
> > San Francisco Bay Area, California    better use your sense - B. Dylan
> >
> > ------------------------------------------------------
> > Mailman-Users mailing list Mailman-Users at python.org
> > https://mail.python.org/mailman/listinfo/mailman-users
> > Mailman FAQ: http://wiki.list.org/x/AgA3
> > Security Policy: http://wiki.list.org/x/QIA9
> > Searchable Archives:
> > http://www.mail-archive.com/mailman-users%40python.org/
> > Unsubscribe:
> > https://mail.python.org/mailman/options/mailman-users/billc_lists%40greenbuilder.com
> >
> ------------------------------------------------------
> Mailman-Users mailing list Mailman-Users at python.org
> https://mail.python.org/mailman/listinfo/mailman-users
> Mailman FAQ: http://wiki.list.org/x/AgA3
> Security Policy: http://wiki.list.org/x/QIA9
> Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
> Unsubscribe: https://mail.python.org/mailman/options/mailman-users/heller%40deepsoft.com
> 
>                                 

-- 
Robert Heller             -- 978-544-6933 / heller at deepsoft.com
Deepwoods Software        -- http://www.deepsoft.com/
()  ascii ribbon campaign -- against html e-mail
/\  www.asciiribbon.org   -- against proprietary attachments

More information about the Mailman-Users mailing list