[Mailman-Users] Spam to "-request" address generating backscatter spam

Jim Popovitch jimpop at gmail.com
Thu Dec 22 18:38:56 EST 2016

On Thu, Dec 22, 2016 at 6:26 PM, Mark Sapiro <mark at msapiro.net> wrote:
> On 12/22/2016 03:01 PM, Jim Popovitch wrote:
>> I think i have a better solution, (but I'm not so sure how to do this
>> in Apache).  In Nginx you can use "limit_except PUT { deny  all; }"
>> to deny the spambot GET attempts.
> in apache 2.4 you would do
>     <LimitExcept PUT>
>       Require all denied
>     </LimitExcept>
>     Require all granted
> but how does this help? No one, including bots GETs the subscribe CGI,
> and subscription is via POST, not PUT.

Indeed, POST, not PUT.  I have POST in my config, but the docs that I
saw (which I copied to here) used PUT.

> The scenario is the same for bots and humans. GET the listinfo CGI with
> the hidden token and then POST the form to the subscribe CGI. I don't
> see how you can block one without blocking the other.

I'm seeing GET attempts like this: - - [22/Dec/2016:23:30:10 +0000] "GET
HTTP/1.1" 404 162 "http://netcoolusers.org/" "Mozilla/5.0 (Windows NT
5.1; rv:7.0.1) Gecko/20100101 Firefox/7.0.1"

Although those are failing because they are hitting /subscribe, but if
they ever tweak the bots it could get ugly fast without some

-Jim P.

More information about the Mailman-Users mailing list