[Mailman-Users] Subscription flood
Mark Sapiro
mark at msapiro.net
Fri May 9 22:19:12 CEST 2014
On 05/09/2014 12:12 PM, Bill Christensen wrote:
>
> Is there a way that I can just have it affect this one problematic
> list? If I change the name of cgi-bin/subscribe and any references to
> it (at least until the next update), do you think that will make a
> difference?
It seems to me the easiest way to do this is to apply the attached patch
to Mailman/Cgi/subscribe.py. Change problem_list to the actual list name
and if you don't want the logging, remove the syslog line.
But as others have suggested, look at your web server logs (or the
subscribe confirmation emails) to get the IP address(es) that are
submitting them. If they all come from a single IP or netblock, block
that with iptables or whatever firewall you have.
--
Mark Sapiro <mark at msapiro.net> The highway is for gamblers,
San Francisco Bay Area, California better use your sense - B. Dylan
-------------- next part --------------
--- subscribe.py 2014-05-09 12:30:58.295498380 -0700
+++ subscribex.py 2014-05-09 13:03:34.567535107 -0700
@@ -54,6 +54,15 @@
return
listname = parts[0].lower()
+ if listname = 'problem_list':
+ safelistname = Utils.websafe(listname)
+ doc.AddItem(Header(2, _("Error")))
+ doc.AddItem(Bold(_('Web subscribe not allowed <em>%(safelistname)s</em>')))
+ # Send this with a 403 status.
+ print 'Status: 403 Forbidden'
+ print doc.Format()
+ syslog('vette', 'subscribe: Forbidden list "%s": %s\n', listname, e)
+ return
try:
mlist = MailList.MailList(listname, lock=0)
except Errors.MMListError, e:
More information about the Mailman-Users
mailing list