On 6/14/18, Gary R. Schmidt <grschm...@acm.org> wrote: > > Would you be willing to publish your fix to the mailman list so that > others could make use of it? >
I will provide *some* information: I installed a CGI logging system on selected parts of the subscription interface, and I am running "tail -f" on the log file. What I am seeing suggests that the problem is not caused by a single attacker, as there are a wide variety of attacks against the subscription systems. There are many different IP addresses from all over the world, so IP address blocking is of no help. But the differences are deeper than just multiple IP addresses (multiple IP addresses might simply mean that the attacker is using a botnet, for example.) The signatures of the attacks are very different. It is all done by robots, clearly, but it appears that very different code is used for each attack. To describe just one example, some of the attacks are coming in as GET requests, whereas others are coming in as POST. A minor fraction of the attacks seem to be coming from this website: http://185.203.240.97/spam/ So there you have it: If you want to harass someone by sending them thousands of subscription confirmations, there is now a website to assist you. Do we need any further evidence that the heart of man is deceitful above all things, and desperately wicked? -- D. Richard Hipp d...@sqlite.org _______________________________________________ sqlite-users mailing list sqlite-users@mailinglists.sqlite.org http://mailinglists.sqlite.org/cgi-bin/mailman/listinfo/sqlite-users
