On 8/8/2017 12:22 PM, David Gibbs wrote:
Anyone else noticing a distributed mass subscribe attack going on
their lists?
I've noticed a massive number of attempts a small subset of email
addresses, with modifiers (address+modif...@example.com), going on.
It appears the address is valid ... so it appears to be some kind of
hit job to flood someone's inbox.
FWIW: I did a bit of hacking (super simple) and think I've found a way to
thwart the attempt (at least on my server).
It appears that the bot that's doing the attack first gets the subscribe form,
so it can retrieve the sub_form_token value, before it does a POST to do the
subscribe.
I changed the subscribe & listinfo scripts to use a different name for the
sub_form_token field. Something unique to my system.
I've seen a lot of GETs & POSTs from the hosts that were doing the attack and
no subscribes logged.
david
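A way to spot the pattern described in this message (many address+modifier variants of a few real addresses, submitted from many hosts) in a list of subscribe attempts. This is an added example, not part of the original post and not Mailman code; the tuple layout, function names, thresholds and sample records are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: (timestamp, source IP, address submitted to the subscribe form).
# The field layout is an assumption for this example, not Mailman's log format.
SAMPLE_ATTEMPTS = [
    ("2017-08-08 12:00:01", "198.51.100.7", "victim+a1@example.com"),
    ("2017-08-08 12:00:03", "203.0.113.9", "Victim+b2@example.com"),
    ("2017-08-08 12:00:09", "192.0.2.44", "victim+c3@EXAMPLE.com"),
    ("2017-08-08 12:00:15", "198.51.100.80", "victim+d4@example.com"),
    ("2017-08-08 12:01:00", "203.0.113.20", "alice@example.org"),
    ("2017-08-08 12:02:00", "203.0.113.21", "bob+lists@example.net"),
    ("2017-08-08 14:30:00", "192.0.2.10", "victim+e5@example.com"),
]

def base_address(addr):
    """Strip the +modifier and fold case so all variants group together."""
    local, _, domain = addr.strip().rpartition("@")
    return f"{local.split('+', 1)[0].lower()}@{domain.lower()}"

def find_flood_targets(attempts, min_variants=3, window=timedelta(minutes=10)):
    """Return {base: (variants, source_ips)} for each base address that gets
    at least min_variants distinct variants inside one sliding time window."""
    by_base = defaultdict(list)
    for ts, ip, addr in attempts:
        when = datetime.strptime(ts, "%Y-%m-%d %H:%M:%S")
        by_base[base_address(addr)].append((when, ip, addr.strip().lower()))
    flagged = {}
    for base, events in by_base.items():
        events.sort()
        best, ips, start = set(), set(), 0
        for end in range(len(events)):
            while events[end][0] - events[start][0] > window:
                start += 1  # drop attempts that fell out of the window
            span = events[start:end + 1]
            variants = {a for _, _, a in span}
            if len(variants) > len(best):
                best, ips = variants, {ip for _, ip, _ in span}
        if len(best) >= min_variants:
            flagged[base] = (sorted(best), sorted(ips))
    return flagged
```

A flagged base address whose variants arrive from many different source IPs matches the distributed behaviour reported here, and the returned lists give the pending requests to discard.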