At Tue, 13 May 2014 14:54:26 -0500 Bill Christensen <[email protected]> wrote:
> > I finally got a chance to look over the logs today; this is a widely > distributed attack, so address blocking is probably futile. How widely? It *could* be a /16 subnet (eg distributed over 2^^16 address) somewhere in an 'odd' part of the world (somewhere your potential subscriber base is not likely to be from). Even if it is widely distributed, fail2ban might do what you need. The *worst* the fail2ban would do is make things difficult for a *few* legit subscription requesters. > > Sorry to be dense, but how do I apply that patch? > > Thanks > > > On Fri, May 9, 2014 at 3:19 PM, Mark Sapiro <[email protected]> wrote: > > > On 05/09/2014 12:12 PM, Bill Christensen wrote: > > > > > > Is there a way that I can just have it affect this one problematic > > > list? If I change the name of cgi-bin/subscribe and any references to > > > it (at least until the next update), do you think that will make a > > > difference? > > > > > > It seems to me the easiest way to do this is to apply the attached patch > > to Mailman/Cgi/subscribe.py. Change problem_list to the actual list name > > and if you don't want the logging, remove the syslog line. > > > > But as others have suggested, look at your web server logs (or the > > subscribe confirmation emails) to get the IP address(es) that are > > submitting them. If they all come from a single IP or netblock, block > > that with iptables or whatever firewall you have. > > > > -- > > Mark Sapiro <[email protected]> The highway is for gamblers, > > San Francisco Bay Area, California better use your sense - B. Dylan > > > > ------------------------------------------------------ > > Mailman-Users mailing list [email protected] > > https://mail.python.org/mailman/listinfo/mailman-users > > Mailman FAQ: http://wiki.list.org/x/AgA3 > > Security Policy: http://wiki.list.org/x/QIA9 > > Searchable Archives: > > http://www.mail-archive.com/mailman-users%40python.org/ > > Unsubscribe: > > https://mail.python.org/mailman/options/mailman-users/billc_lists%40greenbuilder.com > > > ------------------------------------------------------ > Mailman-Users mailing list [email protected] > https://mail.python.org/mailman/listinfo/mailman-users > Mailman FAQ: http://wiki.list.org/x/AgA3 > Security Policy: http://wiki.list.org/x/QIA9 > Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ > Unsubscribe: > https://mail.python.org/mailman/options/mailman-users/heller%40deepsoft.com > > -- Robert Heller -- 978-544-6933 / [email protected] Deepwoods Software -- http://www.deepsoft.com/ () ascii ribbon campaign -- against html e-mail /\ www.asciiribbon.org -- against proprietary attachments ------------------------------------------------------ Mailman-Users mailing list [email protected] https://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: https://mail.python.org/mailman/options/mailman-users/archive%40jab.org
