[Mailman-Users] Subscription flood

Bill Christensen billc_lists at greenbuilder.com
Tue May 13 22:44:18 CEST 2014


Very wide.  Vietnam, China, New York, France just at a quick look.

I'm looking into fail2ban now.  Thanks to those of you who have mentioned
it.


On Tue, May 13, 2014 at 3:12 PM, Robert Heller <heller at deepsoft.com> wrote:

> At Tue, 13 May 2014 14:54:26 -0500 Bill Christensen <
> billc_lists at greenbuilder.com> wrote:
>
> >
> > I finally got a chance to look over the logs today; this is a widely
> > distributed attack, so address blocking is probably futile.
>
> How widely?  It *could* be a /16 subnet (eg distributed over 2^^16 address)
> somewhere in an 'odd' part of the world (somewhere your potential
> subscriber
> base is not likely to be from).
>
> Even if it is widely distributed, fail2ban might do what you need.  The
> *worst* the fail2ban would do is make things difficult for a *few* legit
> subscription requesters.
>
> >
> > Sorry to be dense, but how do I apply that patch?
> >
> > Thanks
> >
> >
> > On Fri, May 9, 2014 at 3:19 PM, Mark Sapiro <mark at msapiro.net> wrote:
> >
> > > On 05/09/2014 12:12 PM, Bill Christensen wrote:
> > > >
> > > > Is there a way that I can just have it affect this one problematic
> > > > list?  If I change the name of cgi-bin/subscribe and any references
> to
> > > > it (at least until the next update), do you think that will make a
> > > > difference?
> > >
> > >
> > > It seems to me the easiest way to do this is to apply the attached
> patch
> > > to Mailman/Cgi/subscribe.py. Change problem_list to the actual list
> name
> > > and if you don't want the logging, remove the syslog line.
> > >
> > > But as others have suggested, look at your web server logs (or the
> > > subscribe confirmation emails) to get the IP address(es) that are
> > > submitting them. If they all come from a single IP or netblock, block
> > > that with iptables or whatever firewall you have.
> > >
> > > --
> > > Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
> > > San Francisco Bay Area, California    better use your sense - B. Dylan
> > >
> > > ------------------------------------------------------
> > > Mailman-Users mailing list Mailman-Users at python.org
> > > https://mail.python.org/mailman/listinfo/mailman-users
> > > Mailman FAQ: http://wiki.list.org/x/AgA3
> > > Security Policy: http://wiki.list.org/x/QIA9
> > > Searchable Archives:
> > > http://www.mail-archive.com/mailman-users%40python.org/
> > > Unsubscribe:
> > >
> https://mail.python.org/mailman/options/mailman-users/billc_lists%40greenbuilder.com
> > >
> > ------------------------------------------------------
> > Mailman-Users mailing list Mailman-Users at python.org
> > https://mail.python.org/mailman/listinfo/mailman-users
> > Mailman FAQ: http://wiki.list.org/x/AgA3
> > Security Policy: http://wiki.list.org/x/QIA9
> > Searchable Archives:
> http://www.mail-archive.com/mailman-users%40python.org/
> > Unsubscribe:
> https://mail.python.org/mailman/options/mailman-users/heller%40deepsoft.com
> >
> >
>
> --
> Robert Heller             -- 978-544-6933 / heller at deepsoft.com
> Deepwoods Software        -- http://www.deepsoft.com/
> ()  ascii ribbon campaign -- against html e-mail
> /\  www.asciiribbon.org   -- against proprietary attachments
>
>
>
>


More information about the Mailman-Users mailing list