[Mailman-Users] Spam to "-request" address generating backscatter spam
Mark Sapiro
mark at msapiro.net
Thu Dec 22 18:43:39 EST 2016
On 12/22/2016 01:53 PM, Jim Popovitch wrote:
>
> I know the GLOBAL_BAN_LIST is for email addrs, but what would it take
> to implement the same (or some field validation logic) for the
> "fullname" field of the subscription page. I'm still seeing a ton of
> subscribe spam attempts, and the fullname field is consistently not a
> text name.
>
>>From nginx log:
>
> ...sales at apexgolfcarts.com&fullname=58562fbb70e22...
> ...ellenv3 at hotmail.com&fullname=5856315b5b695...
> ...scottpickup2000 at gmail.com&fullname=5856372a4e2f1...
> ...vanessae at live.com&fullname=58563aa6664bf...
> ...meagan at meaganlucyphoto.con&fullname=58563ab925ac7...
> ...saramardambey at gmail.com&fullname=58564566dc31b...
> ...dotthomas717 at yahoo.com&fullname=5856456df0b96...
> ...scottpickup2000 at gmail.com&fullname=58564b85ccf98...
If you only want to target user subscribes and not things like admin
mass subscribes and invitations, you could modify Mailman/MailList.py in
the AddMember() method around line 894
pattern = self.GetBannedPattern(email)
change that to
pattern = (self.GetBannedPattern(email) or
self.GetBannedPattern(realname))
Then you could add patterns like, e.g., '^[0-9af]{10,}' to the
GLOBAL_BAN_LIST to match those real names.
--
Mark Sapiro <mark at msapiro.net> The highway is for gamblers,
San Francisco Bay Area, California better use your sense - B. Dylan
More information about the Mailman-Users
mailing list