On 07/22/2013 12:16 PM, Will Yardley wrote:
> It seems someone is trying to forge-subscribe certain addresses (mostly
> AOL / Yahoo / Gmail etc. addresses) on our Mailman install.
>
> For example, (slightly sanitized, though the IP address is the real one):
>
> [19/Jul/2013:09:49:17 -0700] 137.117.103.83 TLSv1 RC4-SHA "GET
> /mailman/subscribe/listname?email=tar...@example.com&fullname=&pw=123456789&pw-conf=123456789&language=en&digest=0&email-button=Subscribe
> HTTP/1.1" 1587
> [19/Jul/2013:09:49:17 -0700] 137.117.103.83 TLSv1 RC4-SHA "GET
> /mailman/subscribe/listname?email=tar...@example.com&fullname=&pw=123456789&pw-conf=123456789&language=en&digest=0&email-button=Subscribe
> HTTP/1.1" 1587
> [19/Jul/2013:09:49:43 -0700] 137.117.103.83 TLSv1 RC4-SHA "GET
> /mailman/subscribe/listname?email=tar...@example.com&fullname=&pw=123456789&pw-conf=123456789&language=en&digest=0&email-button=Subscribe
> HTTP/1.1" 1587
> [19/Jul/2013:09:55:50 -0700] 137.117.103.83 TLSv1 RC4-SHA "GET
> /mailman/subscribe/listname?email=tar...@example.com&fullname=&pw=123456789&pw-conf=123456789&language=en&digest=0&email-button=Subscribe
> HTTP/1.1" 1587
> [19/Jul/2013:09:56:05 -0700] 137.117.103.83 TLSv1 RC4-SHA "GET
> /mailman/subscribe/listname?email=tar...@example.com&fullname=&pw=123456789&pw-conf=123456789&language=en&digest=0&email-button=Subscribe
> HTTP/1.1" 1587
>
> The password / confirmation token are the same in each case, so doesn't
> seem like they're trying to guess those.

This very likely results from legitimate search engine web crawlers
crawling your site. Every time Google crawls mail.python.org, I get an
unsubscribe confirmation for Mailman-users. So far, I haven't had the
energy to try to stop these as they're easy enough to ignore.

In your case, the web crawlers are just blindly submitting the subscribe
form from the listinfo page, and disallowing your listinfo pages in a
robots.txt will likely stop it.

-- 
Mark Sapiro <m...@msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan
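
A triage sketch for the log pattern discussed in this thread, added here as an example (it is not from either poster or from Mailman): it groups GET requests that carry the subscribe form in the query string by client IP and reports hit count, target addresses, whether `pw` stays constant, and the time span. It assumes one log entry per line in the layout quoted above; the function name, the `min_hits` threshold and the sample lines are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime
from urllib.parse import urlsplit, parse_qs

# Layout of the quoted log: [timestamp] client-ip tls-version cipher "request" bytes
LINE_RE = re.compile(
    r'^\[(?P<ts>[^\]]+)\] (?P<ip>\S+) \S+ \S+ '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" \d+$'
)

def _line(ts, ip, method, target):
    # Builds one constructed log entry in the layout above.
    return f'[19/Jul/2013:{ts} -0700] {ip} TLSv1 RC4-SHA "{method} {target} HTTP/1.1" 1587'

SUB = ("/mailman/subscribe/listname?email={e}%40example.com&fullname=&pw={p}"
       "&pw-conf={p}&language=en&digest=0&email-button=Subscribe")

# Constructed sample: documentation-range IPs and placeholder addresses.
SAMPLE_LOG = "\n".join([
    _line("09:49:17", "192.0.2.10", "GET", SUB.format(e="a", p="123456789")),
    _line("09:49:43", "192.0.2.10", "GET", SUB.format(e="b", p="123456789")),
    _line("09:55:50", "192.0.2.10", "GET", SUB.format(e="a", p="123456789")),
    _line("09:56:05", "192.0.2.10", "GET", "/mailman/listinfo/listname"),
    _line("10:02:11", "198.51.100.7", "GET", SUB.format(e="c", p="x9Tq")),
    _line("10:03:00", "198.51.100.7", "POST", "/mailman/subscribe/listname"),
])

def subscribe_gets_by_client(log_text, min_hits=3):
    """Summarise GET-with-query-string subscribe requests per client IP."""
    clients = defaultdict(lambda: {"hits": 0, "emails": set(), "pws": set(), "times": []})
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or m["method"] != "GET":
            continue
        url = urlsplit(m["target"])
        params = parse_qs(url.query, keep_blank_values=True)
        if not url.path.startswith("/mailman/subscribe/") or "email" not in params:
            continue  # listinfo views and POSTs without a query string are skipped
        c = clients[m["ip"]]
        c["hits"] += 1
        c["emails"].update(params["email"])      # parse_qs decodes %40 to @
        c["pws"].update(params.get("pw", []))
        c["times"].append(datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z"))
    return [
        {"ip": ip, "hits": c["hits"], "emails": sorted(c["emails"]),
         "constant_pw": len(c["pws"]) == 1,
         "span_seconds": int((max(c["times"]) - min(c["times"])).total_seconds())}
        for ip, c in sorted(clients.items()) if c["hits"] >= min_hits
    ]
```

Comparing the flagged client's User-Agent and its fetches of the listinfo page against this summary helps decide whether a robots.txt rule is the right fix.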