De-lurking

Hi Rafael and everyone else :} (sorry for the cross-post)

You should really have CAPTCHAs configured for your mailman lists.

Some shady actors out there are using mailman lists to target certain email addresses. It's a pretty dumb attack, but it's annoying :} The target will be hit by hundreds (if not thousands) of subscribe confirmation requests.

We changed to CAPTCHAs a month or more ago; we still get an average of 300-odd IPs trying to do this in a period of a few hours.

Keep an eye out in your logfiles for some of the strings below (they all seem to try to use the same password). If you have any issues with getting CAPTCHAs to work properly, drop me an email :}

Below is a sanitised (list name and target) entry from the Apache logs (the IP is real, screw em :} )

64.234.104.150 - - [13/Aug/2015:08:15:54 +0800] "GET /mailman/subscribe/<<Sanitised list name >>?email=<< Sanitised_TARGET @YAHOO.COM&fullname=&pw=123456789&pw-conf=123456789&language=en&digest=0&email-button=Subscribe HTTP/1.1" 301 801 "http://tools.vietche.biz/Boom/" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:39.0) Gecko/20100101 Firefox/39.0"

Regards
Phill Twiss

On 13/08/2015 4:19 AM, Rafael Possamai wrote:
Robert, the first few people who expressed interest were subscribed manually. Everyone else has been using the list website to subscribe! There should have been a message sent out with the subscription email explaining it :)
On Wed, Aug 12, 2015 at 10:28 AM, Robert Webb <rwebb@ropeguru.com> wrote:
Interesting... I just went to the web site to subscribe and I received an email that I was already subscribed.
I don't remember doing that... So how did this happen??
Robert
On Wed, 12 Aug 2015 07:33:05 -0500 Rafael Possamai <rafael@gav.ufsc.br> wrote:
I was actually surprised with how many people subscribed already. I think we are close to 100 already in less than 24 hours.
I could use some help drafting some basic mailing list rules (no spam, no soliciting, etc) and if anyone has any suggestions, please let me know.
On Wed, Aug 12, 2015 at 1:34 AM, Mark Tinka <mark.tinka@seacom.mu> wrote:
On 11/Aug/15 17:46, Alex Brooks wrote:
With the lack of interest compared to NANOG (especially seeing how the old list simply dried up) it might be best making the list global rather than North America only to get the traffic levels up a bit.
Tend to agree that a list with global scope might be more useful.
Mark.
-- 
Phill Twiss | IT Manager | Consultant Software Engineer
Data Analysis Australia Pty Ltd | STRATEGIC INFORMATION CONSULTANTS
97 Broadway, Nedlands, Western Australia, 6009 | PO Box 3258, Broadway Nedlands, WA, 6009
T: +61 8 9468 2523 (Direct) | +61 8 9468 2533 or +61 8 9386 3304 (Reception)
F: +61 8 9386 3202 | E: phill@daa.com.au | I: http://www.daa.com.au
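Added example (not part of the original e-mail or thread): a log check for the pattern the message describes, GET requests to `/mailman/subscribe/` that carry the target address and a reused password in the query string. It assumes Apache common/combined log format; the function names, the `min_ips` threshold and the sample log lines are constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Apache common/combined log prefix: ip ident user [time] "GET url proto" status
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "GET (\S+) [^"]*" \d{3} ')

def subscribe_attempts(lines):
    """Yield (ip, list_name, email, pw) for GET requests to Mailman's subscribe CGI."""
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        ip, url = m.groups()
        parts = urlsplit(url)
        if not parts.path.startswith("/mailman/subscribe/"):
            continue
        q = parse_qs(parts.query, keep_blank_values=True)
        if "email" in q:
            list_name = parts.path.rsplit("/", 1)[-1]
            yield ip, list_name, q["email"][0].lower(), q.get("pw", [""])[0]

def flooded_targets(lines, min_ips=3):
    """Map each target address hit from >= min_ips distinct sources to what hit it."""
    seen = defaultdict(lambda: {"ips": set(), "lists": set(), "pws": set()})
    for ip, list_name, email, pw in subscribe_attempts(lines):
        seen[email]["ips"].add(ip)
        seen[email]["lists"].add(list_name)
        seen[email]["pws"].add(pw)
    return {e: s for e, s in seen.items() if len(s["ips"]) >= min_ips}

# Constructed sample log lines (documentation IPs, example.org addresses).
TEMPLATE = ('{ip} - - [13/Aug/2015:08:15:54 +0800] "GET /mailman/subscribe/{lst}'
            '?email={email}&fullname=&pw={pw}&pw-conf={pw}&language=en&digest=0'
            '&email-button=Subscribe HTTP/1.1" 301 801 "-" "Mozilla/5.0"')
SAMPLE = [TEMPLATE.format(ip=f"192.0.2.{i}", lst="list-a",
                          email="Target@example.org", pw="123456789")
          for i in range(1, 5)]
SAMPLE.append(TEMPLATE.format(ip="198.51.100.7", lst="list-b",
                              email="user@example.net", pw="s3cret"))
SAMPLE.append('198.51.100.7 - - [13/Aug/2015:08:16:00 +0800] '
              '"GET /mailman/listinfo/list-a HTTP/1.1" 200 5120 "-" "Mozilla/5.0"')

if __name__ == "__main__":
    for email, s in flooded_targets(SAMPLE).items():
        print(email, len(s["ips"]), "source IPs, passwords:", sorted(s["pws"]))
```

A single password value shared across many source IPs for one address is the signal the message points to; a legitimate subscriber normally shows up from one source.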