Hi Matheu,
Thank you for that information. I wasn't even aware that this problem
existed. CleanTalk seems to be the cause of this problem. I will look
for ways to find a solution. I can't promise to find a solution
immediately, it will certainly take some time and testing. I will open a
ticket and try to solve this problem after my vacation.
Sam
On 10.07.19 17:12, matheu wrote:
Hi!
Sam:
Hi Matheu,
I'm sorry you had trouble subscribing to the mailing list.
I can disable all the security mechanisms, but as a result we have more
work with all the manual cleanups caused by spammers. We are exposed to
many spam attacks every day and use existing protection mechanisms to
protect ourselves and our community from such attacks. Here are some
numbers about spam, last weeks 2786 attacks were blocked based on IP
address. 17 direct login attempts with blacklisted email addresses have
been blocked. 7 brute force attacks and 70 complex attacks. All
attackers want to remain anonymous.
However, blacklisting Tor exit nodes is usually not doing anything to
the attackers, because of the way Tor works.
E.g., one of the addresses that you blacklist is:
http://metrics.torproject.org/exonerator.html?ip=185.220.101.27×tamp=2019-07-08&lang=en
a Tor exit node with probably heavy traffic of all kinds of people, most
of them probably legitimate visitors.
The malicious ones, esp. if they are expert or just more advanced, your
ban does pretty much nothing to them, because they can do so much more
than just change identity in the top right corner of Tor browser (which
means change who you appear to be to the website that you are visiting,
i.e. the exit node)...
So banning an exit node, which is what the CleanTalk probably does (no
time to investigate, but I think I saw some address with that name in
some instances when I tried visiting https://www.cinelerra-gg.org and
was banned, is just wrong thing to do...
Also there are FOSS captcha's available, way more benign to users, but I
have no time to search for links to those...
I also prefer to surf the Internet
anonymously as far as possible, but we use these protection techniques
to protect ourselves and not to use our visitors for advertising
purposes. These security tools help us spend our time on more important
things, such as more time improving Cinelerra. I would love to do
without such tools, but unfortunately this would make dynamic content of
our users impossible.
I can add you manually. I'll send you an email
But whatever you use to counter spam and attacks is blacklisting exit
nodes that I used today as well.
[...]
Sam
[...]
--
Cin mailing list
Cin@lists.cinelerra-gg.org
https://lists.cinelerra-gg.org/mailman/listinfo/cin
