[Mailman-Users] Re: Web requests with garbage at the end of the list name

2021-08-29 Thread Mark Sapiro
On 8/18/21 1:15 PM, David Gibbs via Mailman-Users wrote: Folks: Is anyone else seeing requests to their mailman install that look something like this: Aug 18 15:10:16 2021 (31166) Hostile listname:

[Mailman-Users] Re: Web requests with garbage at the end of the list name

2021-08-29 Thread Thomas Hochstein
Jon Baron wrote:
>> Aug 18 15:10:16 2021 (31166) Hostile listname:
>> listname=midrange-l__;!!NVq9dfhzMyHqTw!wLl-dt8zxsuQuoyojs-UYmT_d65WZroClHaYGfHduJ561eT0B7baTQV1ogZzQKRRsw$:
>>
>> remote=52.34.76.65
>>
>> Basically, the list name is correct, but the added "__;!NV..." makes it
>> invalid.

[Mailman-Users] Re: Web requests with garbage at the end of the list name

2021-08-19 Thread Jon Baron
I don't understand the terms you use. So I will not comment further on this thread. "Web UI"? "Email"? However, I did suggest using Google to find out more about Proofpoint. All the information is there. They do have a goal. Whether they achieve it, I do not know. Jon -- Jonathan Baron,

[Mailman-Users] Re: Web requests with garbage at the end of the list name

2021-08-19 Thread David Gibbs via Mailman-Users
On 8/18/21 3:36 PM, Jon Baron wrote: I'm pretty sure that this comes from Proofpoint's "URL Defense" system. Ah. OK. But I don't understand what you mean by "hostile listname" being "correct". The listname before the garbage is correct. I suggest running all messages through

[Mailman-Users] Re: Web requests with garbage at the end of the list name

2021-08-19 Thread David Gibbs via Mailman-Users
On 8/18/21 11:34 PM, Stephen J. Turnbull wrote: Is anyone else seeing requests to their mailman install that look something like this: Aug 18 15:10:16 2021 (31166) Hostile listname: listname=midrange-l__;!!NVq9dfhzMyHqTw!wLl-dt8zxsuQuoyojs-UYmT_d65WZroClHaYGfHduJ561eT0B7baTQV1ogZzQKRRsw$:

[Mailman-Users] Re: Web requests with garbage at the end of the list name

2021-08-18 Thread Stephen J. Turnbull
On 08/18/21 15:15, David Gibbs via Mailman-Users wrote:
> Is anyone else seeing requests to their mailman install that look
> something like this:
>
> Aug 18 15:10:16 2021 (31166) Hostile listname:
>

[Mailman-Users] Re: Web requests with garbage at the end of the list name

2021-08-18 Thread Jon Baron
I'm pretty sure that this comes from Proofpoint's "URL Defense" system. (Google it.) But I don't understand what you mean by "hostile listname" being "correct". What comes before the __ is usually a URL, and there is also a __ BEFORE the url begins. If you use a graphical mail client (like gmail),

[Mailman-Users] Re: Web requests with garbage at the end of the list name

2021-08-18 Thread Carl Zwanzig
On 8/18/2021 1:15 PM, David Gibbs via Mailman-Users wrote: The pattern is rather consistent ... "__;!NV" followed by a bunch of garbage. I don't recognize the encoding, but that looks like someone is trying an SQL injection attack. I could also be wrong. z!