[Mailman-Users] Automated Subscription Bots Inundating List Owners With Subscription Requests
Stephen J. Turnbull
turnbull at sk.tsukuba.ac.jp
Tue Oct 23 02:40:12 CEST 2012

Kalbfleisch, Gary writes:

> Kalbfleisch, Gary responds:
>
> Messages are batchable, but administrative tasks are not. As you
> noted you must tick each box, and yes I'm talking pages and pages
> of bogus subscription requests. Quite tedious.

This would be a bigger problem than losing valid requests if it was
frequent.

> I think these too should be batchable but perhaps separately. What
> I would like to be able to do is to change all administrative
> messages to discard (or whatever) with one click, then go back and
> change the legitimate subscription requests back to accept.

I regularly lose posts to mailing lists because of this way of doing
things.

> After analyzing the httpd logs I have identified three primary
> sources of the bogus subscription requests, the most predominant
> being associated with http://mailbait.info.

Wonderful. Not much Mailman can do about the network-level DoS, but I
suppose the web interface could filter on referrers. If mailbait.info
is in the Referrer header, return a 404. ;-)

> > If you have suggestions for the admin interface, that would be very
> > helpful. Even if you don't have a lot of confidence in them, this is
> > a hard problem that requires wild ideas.
> >
>
> CAPTCHA for subscription requests would go a long way in preventing
> this type of exploitation.

I'm pretty sure there are third-party extensions for this.

I'm dubious about the net value of CAPTCHAs. Personally, I generally
take a CAPTCHA as a "NO TRESPASSING -- THIS MEANS YOU!" sign, and
don't go back.
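
The httpd log analysis and Referer filter discussed in this message, sketched as an added example (not code from the message or from Mailman). It assumes Apache "combined" log format and the Mailman 2.1 `/mailman/subscribe/` URL layout; the function names and the sample log lines are constructed for illustration.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# Apache "combined" format: ip - - [date] "METHOD path proto" status bytes "referer" "agent"
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "[^"]*"$'
)
SUBSCRIBE_PREFIX = "/mailman/subscribe/"  # assumed Mailman 2.1 CGI layout; adjust to yours
BLOCKED = {"mailbait.info"}               # the source named in the thread

def referer_host(referer):
    """Lowercased host of a Referer value, or '-' when absent or unparsable."""
    try:
        host = urlsplit(referer).hostname
    except ValueError:
        return "-"
    return host.lower() if host else "-"

def is_blocked(referer, blocked=BLOCKED):
    """True if the Referer host is a blocked domain or a subdomain of one."""
    host = referer_host(referer)
    return any(host == d or host.endswith("." + d) for d in blocked)

def subscribe_referers(log_lines):
    """Count subscribe requests per Referer host; other or malformed lines are skipped."""
    counts = Counter()
    for line in log_lines:
        m = LINE_RE.match(line.strip())
        if m and m["path"].startswith(SUBSCRIBE_PREFIX):
            counts[referer_host(m["referer"])] += 1
    return counts

# Constructed sample lines (documentation IP ranges, hypothetical list names).
SAMPLE_LOG = [
    '203.0.113.7 - - [22/Oct/2012:10:00:01 +0200] "POST /mailman/subscribe/announce HTTP/1.1" 200 1843 "http://mailbait.info/" "Mozilla/5.0"',
    '203.0.113.9 - - [22/Oct/2012:10:00:02 +0200] "POST /mailman/subscribe/announce HTTP/1.1" 200 1843 "http://www.mailbait.info/" "Mozilla/5.0"',
    '198.51.100.4 - - [22/Oct/2012:10:05:00 +0200] "POST /mailman/subscribe/announce HTTP/1.1" 200 1843 "http://lists.example.org/mailman/listinfo/announce" "Mozilla/5.0"',
    '198.51.100.5 - - [22/Oct/2012:10:06:00 +0200] "GET /mailman/listinfo/announce HTTP/1.1" 200 5120 "http://mailbait.info/" "Mozilla/5.0"',
    '192.0.2.10 - - [22/Oct/2012:10:07:00 +0200] "POST /mailman/subscribe/discuss HTTP/1.1" 200 1843 "-" "curl/7.27.0"',
]

if __name__ == "__main__":
    for host, n in subscribe_referers(SAMPLE_LOG).most_common():
        print(f"{n:5d}  {host}  {'BLOCK' if is_blocked('http://' + host) else ''}")
```

The Referer header is supplied by the client, so a match is useful for triage and as a cheap filter, not as proof of where a request originated.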