[Mailman-Users] Spam to "-request" address generating backscatter spam
Mark Sapiro
mark at msapiro.net
Thu Dec 22 18:26:57 EST 2016
On 12/22/2016 03:01 PM, Jim Popovitch wrote:
>
> I think i have a better solution, (but I'm not so sure how to do this
> in Apache). In Nginx you can use "limit_except PUT { deny all; }"
> to deny the spambot GET attempts.
in apache 2.4 you would do
<LimitExcept PUT>
Require all denied
</LimitExcept>
Require all granted
but how does this help? No one, including bots GETs the subscribe CGI,
and subscription is via POST, not PUT.
The scenario is the same for bots and humans. GET the listinfo CGI with
the hidden token and then POST the form to the subscribe CGI. I don't
see how you can block one without blocking the other.
--
Mark Sapiro <mark at msapiro.net> The highway is for gamblers,
San Francisco Bay Area, California better use your sense - B. Dylan
More information about the Mailman-Users
mailing list