[Mailman-Users] Deleting pending.pck.tmp files
Mark Sapiro
mark at msapiro.net
Thu Jan 18 14:13:33 EST 2018
On 01/18/2018 06:19 AM, João Sá Marta wrote:
> There’s the code of that page that sends a subscription request to one of my mailing lists:
> document.write("<iframe frameborder='0' src='http://ml.ci.uc.pt/mailman/subscribe/archport?email="+spam_id+"&fullname=&pw=123456789&pw-conf=123456789&language=en&digest=0&email-button=Subscribe' width='0' height='0'></iframe>");
>
> I am going to put some apache rewrite rules to prevent this, but I don’t know if this is the best way to prevent that kind of spam.
>
> Please let me know if you have a better way to deal with this spam.
We have seen some of this in the past. If the subscribed addresses
("+spam_id+" in the above) are such that you can create a regexp to
match them and not match potential real subscribers, you can add such
regexps to GLOBAL_BAN_LIST. Some that we have used in the past are:

^.*\+.*\d{3,}@
^.*@kezukaya\.com$
^[.a-z0-9]{8,}\+[0-9]{4,}@gmail\.com$
^.*k\.*e\.*m\.*o\.*m\.*a\.*r\.*t.*@gmail\.com
^.*k\.*e\.*z\.*u\.*k\.*a\.*y\.*a.*@gmail\.com
^.*s\.*u\.*n\.*i\.*b\.*e\.*e\.*s\.*t\.*a\.*r\.*s.*@gmail\.com

Also, you need to set SUBSCRIBE_FORM_SECRET in mm_cfg.py to some string
unique to your site to force a GET of the listinfo page to get a hidden
token that needs to be submitted along with the other data to the
'subscribe' URL. See the documentation of SUBSCRIBE_FORM_SECRET in
Defaults.py
--
Mark Sapiro <mark at msapiro.net> The highway is for gamblers,
San Francisco Bay Area, California better use your sense - B. Dylan
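
Added example, not part of the original message or of Mailman's code: a small Python check that runs the GLOBAL_BAN_LIST patterns quoted above against sample addresses, to see which spam addresses they catch and which plausible real subscribers they would also ban. It assumes entries starting with '^' are applied as case-insensitive regexps searched against the address; all sample addresses are constructed.

```python
import re

# Patterns copied from the message above, as they would appear in mm_cfg.py.
GLOBAL_BAN_LIST = [
    r'^.*\+.*\d{3,}@',
    r'^.*@kezukaya\.com$',
    r'^[.a-z0-9]{8,}\+[0-9]{4,}@gmail\.com$',
    r'^.*k\.*e\.*m\.*o\.*m\.*a\.*r\.*t.*@gmail\.com',
    r'^.*k\.*e\.*z\.*u\.*k\.*a\.*y\.*a.*@gmail\.com',
    r'^.*s\.*u\.*n\.*i\.*b\.*e\.*e\.*s\.*t\.*a\.*r\.*s.*@gmail\.com',
]

def banned_by(address, patterns=GLOBAL_BAN_LIST):
    """Return the first pattern that bans address, or None.
    Assumption: entries starting with '^' are case-insensitive regexps
    searched against the address; anything else is a literal address.
    """
    for pattern in patterns:
        if pattern.startswith('^'):
            if re.search(pattern, address, re.IGNORECASE):
                return pattern
        elif pattern.lower() == address.lower():
            return pattern
    return None

def audit(spam, legit, patterns=GLOBAL_BAN_LIST):
    """Return (spam addresses not banned, {legit address: banning pattern})."""
    missed = [a for a in spam if banned_by(a, patterns) is None]
    false_pos = {a: banned_by(a, patterns) for a in legit if banned_by(a, patterns)}
    return missed, false_pos

# Constructed sample addresses, not taken from any real log.
SPAM = [
    'johnsmith1+48213@gmail.com',
    'k.e.z.u.kaya.shop@gmail.com',
    'info@kezukaya.com',
]
LEGIT = [
    'alice@example.org',
    'bob.jones@gmail.com',
    'carol+lists2018@example.org',   # plus-tag that happens to contain a year
]

if __name__ == '__main__':
    missed, false_pos = audit(SPAM, LEGIT)
    print('spam not banned:', missed)
    for addr, pat in false_pos.items():
        print('legitimate address banned:', addr, 'by', pat)
```

With these samples the first pattern also bans the plus-tagged legitimate address, which is the "not match potential real subscribers" condition to check before adding a regexp site-wide.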