On 06/09/2014 04:11 PM, Rich Kulawiec wrote:
> 
> This is a first-cut, mildly sloppy script that will try to match some
> patterns of interest that I've noticed in my "subscribe" log and that
> might be in yours.
...
> 
> Here is what the last 10 lines of its output look like on my system:
> 
> Jun 06 00:14:32 2014  ehkfioxlkrr <yuj...@zwdxgc.com>  62.210.226.131
> Jun 06 13:23:16 2014  norchmecn <sty...@zdddmk.com>  86.51.26.20
> Jun 07 02:06:20 2014  eljult <qbp...@wabtdh.com>  86.51.26.11
> Jun 07 13:21:20 2014  dvlevbpj <drk...@nlcvek.com>  210.14.138.102
> Jun 07 15:41:10 2014  sdbdelkv <mtp...@ghazhc.com>  86.51.26.18
> Jun 07 16:17:10 2014  yqrebrgipo <ubn...@cgtnki.com>  86.51.26.20
> Jun 08 06:37:12 2014  cihjwn <sou...@bprryw.com>  202.143.148.58
> Jun 08 06:55:47 2014  ehxvwgrboo <iou...@mnaisa.com>  86.51.26.21
> Jun 08 23:47:58 2014  qqpluym <jpb...@qkvfdi.com>  190.14.219.166
> Jun 09 16:44:15 2014  mloepuj <fig...@jjxlcu.com>  172.245.142.194
> 
> This is forged gibberish, of course.
...
> I'm curious.  First, is anybody else seeing these?


Some people are.


> Second, does
> anyone have a theory as to their purpose?


They are spammers attempting to subscribe to your list(s) via POSTs to
the web subscribe CGI. Presumably if they successfully subscribe, they
will then spam the list.

If you have Mailman 2.1.16 or later, you can mitigate this by setting

SUBSCRIBE_FORM_SECRET = "Some site specific string"

in mm_cfg.py. See <https://bugs.launchpad.net/mailman/+bug/1082746>.

This is from the NEWS file:

There is a new mm_cfg.py setting SUBSCRIBE_FORM_SECRET which will put
a dynamically generated, hidden hash in the listinfo subscribe form and
check it upon submission.  Setting this will prevent automated processes
(bots) from successfully POSTing web subscribes without first retrieving
and parsing the form from the listinfo page.  The form must also be
submitted no later than FORM_LIFETIME nor no earlier than
SUBSCRIBE_FORM_MIN_TIME after retrieval.  Note that enabling this will
break any static subscribe forms on your site.  See the description in
Defaults.py for more info.  (LP: #1082746)

-- 
Mark Sapiro <m...@msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan
------------------------------------------------------
Mailman-Users mailing list Mailman-Users@python.org
https://mail.python.org/mailman/listinfo/mailman-users
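
A sketch of the mechanism the NEWS entry describes, added here as an example; it is not Mailman's own code and not part of the original message. The setting names come from the entry above. The token layout, the use of HMAC-SHA256, the binding to the client address, and the time values are assumptions made for illustration.

```python
import hashlib
import hmac
import time

# Setting names are from the NEWS entry; the values are assumed for this sketch.
SUBSCRIBE_FORM_SECRET = "Some site specific string"
FORM_LIFETIME = 3600          # seconds a fetched form stays valid (assumed)
SUBSCRIBE_FORM_MIN_TIME = 5   # seconds before a submit is accepted (assumed)


def _mac(issued, listname, remote):
    # Keyed hash over issue time, list name and client address (assumed layout).
    msg = ("%d:%s:%s" % (issued, listname, remote)).encode()
    key = SUBSCRIBE_FORM_SECRET.encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def make_token(listname, remote, now=None):
    """Value for the hidden form field, generated when the form is rendered."""
    issued = int(time.time() if now is None else now)
    return "%d:%s" % (issued, _mac(issued, listname, remote))


def check_token(token, listname, remote, now=None):
    """Return (accepted, reason) for a submitted subscribe POST."""
    now = int(time.time() if now is None else now)
    try:
        issued_text, digest = token.split(":", 1)
        issued = int(issued_text)
    except (AttributeError, ValueError):
        # A POST sent without fetching the form has no usable token.
        return False, "missing or malformed token"
    expected = _mac(issued, listname, remote)
    if not hmac.compare_digest(digest.encode(), expected.encode()):
        return False, "hash mismatch"
    age = now - issued
    if age < SUBSCRIBE_FORM_MIN_TIME:
        return False, "submitted too soon"
    if age > FORM_LIFETIME:
        return False, "form expired"
    return True, "ok"


if __name__ == "__main__":
    # Constructed sample: list name and documentation-range address.
    t = make_token("mailman-users", "192.0.2.10", now=1000)
    for when in (1002, 1010, 5000):
        print(when, check_token(t, "mailman-users", "192.0.2.10", now=when))
    print(check_token(None, "mailman-users", "192.0.2.10", now=1010))
```

A static subscribe form carries no fresh token, so it fails the first check, which is the breakage the NEWS entry warns about.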