On 08/25/2015 10:12 AM, Will Yardley wrote:
> I'm seeing massive numbers of subscription lists to various lists we
> host (including multiple requests to the same list).
>
> These are submitted via a distributed network of hosts, presumably
> botnet victims / open proxies.
>
> The requests are from
> foo+[0-9]{9}@gmail.com

We have seen a huge rash of these on the python.org lists. Even with a
SUBSCRIBE_FORM_SECRET set and SUBSCRIBE_FORM_MIN_TIME = seconds(8) a
small percentage succeeded and that was still a lot.

Because of this, the head of the 2.1 branch at
<https://launchpad.net/mailman/2.1/> now implements a GLOBAL_BAN_LIST
and on mail.python.org, that is set to

GLOBAL_BAN_LIST = ['^.*\+\d{3,}@']

to ban any address whose local part ends with a '+' followed by 3 or
more digits. Before doing this I checked and there was only one member
of one list out of all the python.org list subscribers that had a local
part ending with '+' and digits and it only had one digit between the
'+' and '@'.

The attempts keep coming though.

--
Mark Sapiro <[email protected]>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan
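
The pre-deployment check described in the message above, sketched as an added example (not part of the original post and not Mailman's own code): it runs the quoted pattern over a member roster and reports which addresses would be banned and which come close. The matching rule in `is_banned` (entries starting with `^` searched as case-insensitive regexps) is an assumption; `audit_members` and the sample roster are hypothetical.

```python
import re

# Pattern quoted in the post (as set on mail.python.org).
GLOBAL_BAN_LIST = [r'^.*\+\d{3,}@']
# Looser probe for the audit: any digits-only plus tag before '@'.
PLUS_DIGITS = re.compile(r'\+(\d+)@')

def is_banned(address, patterns=GLOBAL_BAN_LIST):
    """Assumed matching rule: entries starting with '^' are regexps
    searched case-insensitively; anything else is a literal address."""
    for pat in patterns:
        if pat.startswith('^'):
            if re.search(pat, address, re.IGNORECASE):
                return True
        elif pat.lower() == address.lower():
            return True
    return False

def audit_members(members):
    """Split existing members into those the ban would hit and
    near misses (digits-only plus tag, too short to match)."""
    would_ban, near_miss = [], []
    for addr in members:
        tag = PLUS_DIGITS.search(addr)
        if is_banned(addr):
            would_ban.append(addr)
        elif tag:
            near_miss.append((addr, len(tag.group(1))))
    return would_ban, near_miss

# Constructed sample roster, not real subscribers.
SAMPLE_MEMBERS = [
    'foo+123456789@gmail.com',   # shape of the flood requests
    'alice+7@example.org',       # one digit: below the threshold
    'bob+lists@example.org',     # non-numeric tag
    'carol+2015a@example.org',   # digits not directly before '@'
    'dave@example.org',
]

if __name__ == '__main__':
    banned, near = audit_members(SAMPLE_MEMBERS)
    print('would be banned:', banned)
    print('near misses (address, digit count):', near)
```

Running the audit against a real roster before enabling the pattern shows whether any legitimate subscriber uses a numeric plus tag of three or more digits.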
------------------------------------------------------
Mailman-Users mailing list [email protected]
https://mail.python.org/mailman/listinfo/mailman-users