On 12/22/2016 03:38 PM, Jim Popovitch wrote:
> 
> I'm seeing GET attempts like this:
> 
> 77.247.181.165 - - [22/Dec/2016:23:30:10 +0000] "GET
> /subscribe/users?sub_form_token=1527449307%3A44440ca6e66379d0e6e9c45b66d93d5864da4621&email=jconno2215%40gmail.com&fullname=585c61c234d98&pw=&pw-conf=&digest=1&email-button=jconno2215%40gmail.com&language=en&?sub_form_token=1527449307%3A44440ca6e66379d0e6e9c45b66d93d5864da4621&email=jconno2215%40gmail.com&fullname=585c61c234d98&pw=&pw-conf=&digest=1&email-button=jconno2215%40gmail.com&language=en&&sub_form_token=1527449307%3A44440ca6e66379d0e6e9c45b66d93d5864da4621&email=jconno2215%40gmail.com&fullname=585c61c234d98&pw=&pw-conf=&digest=1&email-button=jconno2215%40gmail.com&language=en&
> HTTP/1.1" 404 162 "http://netcoolusers.org/"; "Mozilla/5.0 (Windows NT
> 5.1; rv:7.0.1) Gecko/20100101 Firefox/7.0.1"


OK. I see how limiting the subscribe CGI to POST requests would stop
these, but I haven't seen any attacks like this. In the ones I've seen,
the bot GETs the form via listinfo and then delays and POSTs to
subscribe as described in the part of my post in this thread you didn't
quote.

-- 
Mark Sapiro <m...@msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan
------------------------------------------------------
Mailman-Users mailing list Mailman-Users@python.org
https://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
https://mail.python.org/mailman/options/mailman-users/archive%40jab.org
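The two traffic patterns discussed in this message (a GET straight to the subscribe CGI with the form fields in the query string, and a GET of listinfo followed by a delayed POST to subscribe) can be told apart in an access log. The following is an added example, not code from the thread or from Mailman; the sample lines, IP addresses, list name `demo` and the `/mailman/` URL prefix are constructed assumptions.

```python
import re
from datetime import datetime
from urllib.parse import urlsplit, parse_qs

# Combined Log Format: ip, timestamp, method, target, status.
LINE = re.compile(r'(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3})')

# Constructed sample lines (documentation IPs, made-up list name "demo").
SAMPLE = [
    '192.0.2.10 - - [22/Dec/2016:23:30:10 +0000] "GET /mailman/subscribe/demo?sub_form_token=1%3Aabc&email=a%40example.com&digest=1 HTTP/1.1" 404 162 "-" "UA"',
    '198.51.100.7 - - [22/Dec/2016:23:31:00 +0000] "GET /mailman/listinfo/demo HTTP/1.1" 200 9000 "-" "UA"',
    '198.51.100.7 - - [22/Dec/2016:23:31:09 +0000] "POST /mailman/subscribe/demo HTTP/1.1" 200 1200 "-" "UA"',
    '203.0.113.5 - - [22/Dec/2016:23:32:00 +0000] "GET /mailman/listinfo/demo HTTP/1.1" 200 9000 "-" "UA"',
]

def classify(lines):
    """Return (kind, ip, detail) findings for subscribe-form traffic."""
    findings, form_seen = [], {}
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # skip lines that are not in combined log format
        ip, ts, method, target, _status = m.groups()
        when = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
        url = urlsplit(target)
        segments = url.path.strip("/").split("/")
        if "listinfo" in segments and method == "GET":
            form_seen[ip] = when  # remember when this client fetched the form
        elif "subscribe" in segments:
            if method == "GET" and "sub_form_token" in parse_qs(url.query):
                # Form fields sent as a query string: a POST-only CGI rejects this.
                findings.append(("get-subscribe", ip, url.path))
            elif method == "POST" and ip in form_seen:
                # Form fetched, then POSTed; detail is the delay in seconds.
                delay = int((when - form_seen.pop(ip)).total_seconds())
                findings.append(("form-then-post", ip, delay))
    return findings

if __name__ == "__main__":
    for finding in classify(SAMPLE):
        print(finding)
```

A real subscriber's browser also produces the `form-then-post` sequence, so that finding is a tally to review alongside the delay and address, not a verdict.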
