[Mailman-Users] Spam to "-request" address generating backscatter spam
Jim Popovitch
jimpop at gmail.com
Thu Dec 22 18:38:56 EST 2016
On Thu, Dec 22, 2016 at 6:26 PM, Mark Sapiro <mark at msapiro.net> wrote:
> On 12/22/2016 03:01 PM, Jim Popovitch wrote:
>>
>> I think i have a better solution, (but I'm not so sure how to do this
>> in Apache). In Nginx you can use "limit_except PUT { deny all; }"
>> to deny the spambot GET attempts.
>
> in apache 2.4 you would do
>
> <LimitExcept PUT>
> Require all denied
> </LimitExcept>
> Require all granted
>
> but how does this help? No one, including bots GETs the subscribe CGI,
> and subscription is via POST, not PUT.
Indeed, POST, not PUT. I have POST in my config, but the docs that I
saw (which I copied to here) used PUT.
> The scenario is the same for bots and humans. GET the listinfo CGI with
> the hidden token and then POST the form to the subscribe CGI. I don't
> see how you can block one without blocking the other.
I'm seeing GET attempts like this:
77.247.181.165 - - [22/Dec/2016:23:30:10 +0000] "GET
/subscribe/users?sub_form_token=1527449307%3A44440ca6e66379d0e6e9c45b66d93d5864da4621&email=jconno2215%40gmail.com&fullname=585c61c234d98&pw=&pw-conf=&digest=1&email-button=jconno2215%40gmail.com&language=en&?sub_form_token=1527449307%3A44440ca6e66379d0e6e9c45b66d93d5864da4621&email=jconno2215%40gmail.com&fullname=585c61c234d98&pw=&pw-conf=&digest=1&email-button=jconno2215%40gmail.com&language=en&&sub_form_token=1527449307%3A44440ca6e66379d0e6e9c45b66d93d5864da4621&email=jconno2215%40gmail.com&fullname=585c61c234d98&pw=&pw-conf=&digest=1&email-button=jconno2215%40gmail.com&language=en&
HTTP/1.1" 404 162 "http://netcoolusers.org/" "Mozilla/5.0 (Windows NT
5.1; rv:7.0.1) Gecko/20100101 Firefox/7.0.1"
Although those are failing because they are hitting /subscribe, but if
they ever tweak the bots it could get ugly fast without some
mitigation.
-Jim P.
More information about the Mailman-Users
mailing list