On 07/22/2013 12:16 PM, Will Yardley wrote:
> It seems someone is trying to forge-subscribe certain addresses (mostly
> AOL / Yahoo / Gmail etc. addresses) on our Mailman install.
>
> For example, (slightly sanitized, though the IP address is the real one):
>
> [19/Jul/2013:09:49:17 -0700] 137.117.103.83 TLSv1 RC4-SHA "GET
> /mailman/subscribe/[email protected]&fullname=&pw=123456789&pw-conf=123456789&language=en&digest=0&email-button=Subscribe
> HTTP/1.1" 1587
> [19/Jul/2013:09:49:17 -0700] 137.117.103.83 TLSv1 RC4-SHA "GET
> /mailman/subscribe/[email protected]&fullname=&pw=123456789&pw-conf=123456789&language=en&digest=0&email-button=Subscribe
> HTTP/1.1" 1587
> [19/Jul/2013:09:49:43 -0700] 137.117.103.83 TLSv1 RC4-SHA "GET
> /mailman/subscribe/[email protected]&fullname=&pw=123456789&pw-conf=123456789&language=en&digest=0&email-button=Subscribe
> HTTP/1.1" 1587
> [19/Jul/2013:09:55:50 -0700] 137.117.103.83 TLSv1 RC4-SHA "GET
> /mailman/subscribe/[email protected]&fullname=&pw=123456789&pw-conf=123456789&language=en&digest=0&email-button=Subscribe
> HTTP/1.1" 1587
> [19/Jul/2013:09:56:05 -0700] 137.117.103.83 TLSv1 RC4-SHA "GET
> /mailman/subscribe/[email protected]&fullname=&pw=123456789&pw-conf=123456789&language=en&digest=0&email-button=Subscribe
> HTTP/1.1" 1587
>
> The password / confirmation token are the same in each case, so doesn't
> seem like they're trying to guess those.

This very likely results from legitimate search engine web crawlers
crawling your site. Every time Google crawls mail.python.org, I get an
unsubscribe confirmation for Mailman-users. So far, I haven't had the
energy to try to stop these as they're easy enough to ignore.

In your case, the web crawlers are just blindly submitting the subscribe
form from the listinfo page, and disallowing your listinfo pages in a
robots.txt will likely stop it.

-- 
Mark Sapiro <[email protected]>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan
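
The following Python summarizes, per client IP, what was submitted to the subscribe form in an access log of the layout quoted above, so an administrator can see how many distinct addresses and passwords each source sent. It is an added example, not part of the original thread or of Mailman; the list name `testlist`, the addresses and the IPs in the sample are constructed placeholders, and `summarize_subscribes` / `flag_bulk_submitters` are hypothetical helper names.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Constructed sample in the log layout quoted above. List name, addresses
# and client IPs are placeholders (documentation ranges), not real data.
_Q = "&fullname=&pw=123456789&pw-conf=123456789&language=en&digest=0&email-button=Subscribe"
_FMT = '[19/Jul/2013:09:{mm}:17 -0700] {ip} TLSv1 RC4-SHA "{req} HTTP/1.1" 1587'
_SUB = "GET /mailman/subscribe/testlist?email={e}%40example.com" + _Q
SAMPLE_LOG = "\n".join([
    _FMT.format(mm="49", ip="192.0.2.10", req=_SUB.format(e="a")),
    _FMT.format(mm="49", ip="192.0.2.10", req=_SUB.format(e="a")),  # repeated hit
    _FMT.format(mm="50", ip="192.0.2.10", req=_SUB.format(e="b")),
    _FMT.format(mm="55", ip="192.0.2.10", req=_SUB.format(e="c")),
    _FMT.format(mm="51", ip="198.51.100.7", req="GET /mailman/listinfo/testlist"),
    _FMT.format(mm="52", ip="203.0.113.5", req="POST /mailman/subscribe/testlist"),
])

# [timestamp] client-ip tls-version cipher "METHOD target protocol" bytes
LINE_RE = re.compile(
    r'^\[[^\]]+\] (?P<ip>\S+) \S+ \S+ '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" \S+$'
)

def summarize_subscribes(log_text):
    """Group requests to /mailman/subscribe/ by client IP."""
    stats = defaultdict(lambda: {"hits": 0, "emails": set(), "passwords": set()})
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not in the expected layout
        url = urlsplit(m["target"])
        if not url.path.startswith("/mailman/subscribe/"):
            continue
        # A POST carries the form fields in the body, so the access log
        # shows the hit but no email/pw values for it.
        params = parse_qs(url.query, keep_blank_values=True)
        entry = stats[m["ip"]]
        entry["hits"] += 1
        entry["emails"].update(e.lower() for e in params.get("email", []))
        entry["passwords"].update(params.get("pw", []))
    return dict(stats)

def flag_bulk_submitters(stats, min_emails=3):
    """Return IPs that submitted at least min_emails distinct addresses."""
    return sorted(ip for ip, s in stats.items() if len(s["emails"]) >= min_emails)
```
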
