[Mailman-Users] Spam to "-request" address generating backscatter spam

Mark Sapiro mark at msapiro.net
Thu Dec 22 18:26:57 EST 2016


On 12/22/2016 03:01 PM, Jim Popovitch wrote:
> 
> I think i have a better solution, (but I'm not so sure how to do this
> in Apache).  In Nginx you can use "limit_except PUT { deny  all; }"
> to deny the spambot GET attempts.

in apache 2.4 you would do

    <LimitExcept PUT>
      Require all denied
    </LimitExcept>
    Require all granted

but how does this help? No one, including bots GETs the subscribe CGI,
and subscription is via POST, not PUT.

The scenario is the same for bots and humans. GET the listinfo CGI with
the hidden token and then POST the form to the subscribe CGI. I don't
see how you can block one without blocking the other.

-- 
Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan


More information about the Mailman-Users mailing list