[Mailman-Users] Distributed mass subscribe attack?
Andy Cravens
acravens at uen.org
Thu Aug 17 16:44:36 EDT 2017
On 8/8/2017 12:22 PM, David Gibbs wrote:
> Anyone else noticing a distributed mass subscribe attack going on
> their lists?
>
> I've noticed a massive number of attempts a small subset of email
> addresses, with modifiers (address+modifier at example.com), going on.
>
> It appears the address is valid ... so it appears to be some kind of
> hit job to flood someone's inbox.
"FWIW: I did a bit of hacking (super simple) and think I've found a way to thwart the attempt (at least on my server).
It appears that the bot that's doing the attack first gets the subscribe form, so it can retrieve the sub_form_token value, before it does a POST to do the subscribe.
I changed the subscribe & listinfo scripts to use a different name for the sub_form_token field. Something unique to my system."
I have the same issues. Thank you for the info above. I’m also working on a patch for reCaptcha V2. Don’t know if I’ll have it done this month.
—
Andy
More information about the Mailman-Users
mailing list