On Aug 18, 2017, at 8:36 AM, David Gibbs <da...@midrange.com> wrote:
On 8/17/17 3:47 PM, Andy Cravens wrote: > I forgot to mention I’m also working on a modsecurity rule to look at > all POSTs and reject if they contain an email address with a + sign. I'm interested in both your recaptcha mod & mod_security rule ... please post (or contact me privately) when you make some progress. If you're interested in my MM mod, let me know. After reading the responses concerning the + symbol in email addresses I have decided not to block them. What I did was to implement reCaptcha v1 using the instructions here: https://www.dragonsreach.it/2014/05/03/adding-recaptcha-support-to-mailman/ When I first looked at this I had made several bad assumptions. I assumed you could not use the reCaptcha v2 keys with v1. The new keys work fine with v1. I had to apply the patch manually by editing the files and inserting the new code. It wasn’t a big deal. I still plan on looking at implementing v2 sometime this year if I can find some free time. Also plan on creating the modsecurity rules mentioned earlier. Another modsecurity rule I want to create is to watch for outgoing replies that indicate a failed login attempt and take action if conditions warrant. I will post my rules when I have tested and verified they work. — Andy ------------------------------------------------------ Mailman-Users mailing list Mailman-Users@python.org https://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: https://mail.python.org/mailman/options/mailman-users/archive%40jab.org
