On Wed, 13 Jun 2018, Jeffrey Schiller wrote:
Would limiting subscription requests to one per day help. I'm familiar with the Mailman code, having modified it for use at MIT, and can code the necessary changes. I suspect only one file would need to be changed.
The problem is knowing what "one" means. The subscription request is likely submitted via http/https into the web form and using a bogus email subscription address (of the "victim"). A botnet is able to submit these requests from hundreds of IP addresses.
If mailman supports subscription requests via SMTP email (I don't remember that it does), then the problem is worse.
If only one new subscription is allowed on the list per day, then there is a trivial DOS (no new valid subscriptions are possible) as soon as the one daily subscription has been consumed.
Bob -- Bob Friesenhahn bfrie...@simple.dallas.tx.us, http://www.simplesystems.org/users/bfriesen/ GraphicsMagick Maintainer, http://www.GraphicsMagick.org/ _______________________________________________ sqlite-users mailing list sqlite-users@mailinglists.sqlite.org http://mailinglists.sqlite.org/cgi-bin/mailman/listinfo/sqlite-users
