On 08/18/21 15:15, David Gibbs via Mailman-Users wrote:
> Is anyone else seeing requests to their mailman install that look
> something like this:
>
> Aug 18 15:10:16 2021 (31166) Hostile listname:
>
I'm pretty sure that this comes from Proofpoint's "URL Defense"
system. (Google it.) But I don't understand what you mean by "hostile
listname" being "correct". What comes before the __ is usually a URL,
and there is also a __ BEFORE the url begins. If you use a graphical
mail client (like gmail),
On 8/18/2021 1:15 PM, David Gibbs via Mailman-Users wrote:
The pattern is rather consistent ... "__;!NV" followed by a bunch of garbage.
I don't recognize the encoding, but that looks like someone is trying an SQL
injection attack. I could also be wrong.
z!
Folks:
Is anyone else seeing requests to their mailman install that look
something like this:
Aug 18 15:10:16 2021 (31166) Hostile listname:
listname=midrange-l__;!!NVq9dfhzMyHqTw!wLl-dt8zxsuQuoyojs-UYmT_d65WZroClHaYGfHduJ561eT0B7baTQV1ogZzQKRRsw$:
remote=52.34.76.65
Basically, the list