[Mailman-Users] Re: spamming
Jim Dory writes: > I've started getting these spamming attacks again so thought I > would dive into trying this recaptcha. I got the keys for V2 > recaptcha from google and put the 2 lines at the bottom of the > mm_cfg.py with proper keys from google. Spelling double > checked. After saving the file, I can't log into the web interface > of mailman - I get a Bad Request error page. I commented out the > RECAPTCHA_*_* lines and could then access the admin web pages > again. There's a lot missing here. 1. What version of what operating system are you using? Ubuntu and Debian are likely to require some hoop-jumping to get the needed software installed. 2. What version of Python are you using? 3. What version of Mailman are you using? If it's recent enough, the listinfo.* pages will include a tag "" which does all the heavy lifting for you. 4. How did you install Mailman? Preinstalled on a cPanel host, from the OS, from source in a virtual environment, other from source? > web admin pages. What would I add and to which files? I don't see > list_info under /usr/local/cpanel/3rdparty/mailman/Mailman/ . Try `find /usr/local/cpanel/3rdparty/mailman -name 'listinfo.*'` and you should see a bunch of them. Most likely you are only interested in /usr/local/cpanel/3rdparty/mailman/templates/en/listinfo.html and maybe the .txt version of that file if it exists, but if you offer other languages to your users, you may need to deal with the $TWO_LETTER_LANGUAGE_CODE/listinfo.* versions for those languages. -- Mailman-Users mailing list -- mailman-users@python.org To unsubscribe send an email to mailman-users-le...@python.org https://mail.python.org/mailman3/lists/mailman-users.python.org/ Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: https://www.mail-archive.com/mailman-users@python.org/ https://mail.python.org/archives/list/mailman-users@python.org/ Member address: arch...@jab.org
[Mailman-Users] Re: spamming
On 12/13/23 01:04, Stephen J. Turnbull wrote: Jim Dory writes: > I've started getting these spamming attacks again so thought I > would dive into trying this recaptcha. I got the keys for V2 > recaptcha from google and put the 2 lines at the bottom of the > mm_cfg.py with proper keys from google. Spelling double > checked. After saving the file, I can't log into the web interface > of mailman - I get a Bad Request error page. I commented out the > RECAPTCHA_*_* lines and could then access the admin web pages > again. There's a lot missing here. 1. What version of what operating system are you using? Ubuntu and Debian are likely to require some hoop-jumping to get the needed software installed. 2. What version of Python are you using? 3. What version of Mailman are you using? If it's recent enough, the listinfo.* pages will include a tag "" which does all the heavy lifting for you. 4. How did you install Mailman? Preinstalled on a cPanel host, from the OS, from source in a virtual environment, other from source? > web admin pages. What would I add and to which files? I don't see > list_info under /usr/local/cpanel/3rdparty/mailman/Mailman/ . Try `find /usr/local/cpanel/3rdparty/mailman -name 'listinfo.*'` and you should see a bunch of them. Most likely you are only interested in /usr/local/cpanel/3rdparty/mailman/templates/en/listinfo.html and maybe the .txt version of that file if it exists, but if you offer other languages to your users, you may need to deal with the $TWO_LETTER_LANGUAGE_CODE/listinfo.* versions for those languages. Thank you Stephen. Apologies for being vague. I did find the listinfo.html file yesterday - I hadn't ever altered that particular file directly. 1. CentOS v7.9.2009 STANDARD kvm, cPanel Version 110.0.17. I need to upgrade the OS AlmaLinux 8 by this summer. as CentOS (and the cPanel version) is deprecated. Would do it now but afraid of mucking things up. I'm just a volunteer and do this for the community - not an expert by any means. 2, Python 2.7.5 3. Mailman 2.1.39 4. Mailman installed by host. I'm on a vps with root access. As for listinfo.html, I see 2 pertinent files. on under ../en/templates (this list is just english) and under ../lists/[name of our list]/ . The templates version includes a few lines of captcha which the lists version doesn't. Here's a snippet of the templates version: [snip] No Yes -- Mailman-Users mailing list -- mailman-users@python.org To unsubscribe send an email to mailman-users-le...@python.org https://mail.python.org/mailman3/lists/mailman-users.python.org/ Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: https://www.mail-archive.com/mailman-users@python.org/ https://mail.python.org/archives/list/mailman-users@python.org/ Member address: arch...@jab.org
[Mailman-Users] Re: spamming
On 12/13/23 10:00, Jim Dory wrote: As for listinfo.html, I see 2 pertinent files. on under ../en/templates (this list is just english) and under ../lists/[name of our list]/ . The templates version includes a few lines of captcha which the lists version doesn't. Here's a snippet of the templates version: This is your problem. You have a list specific version of the listinfo.html template in lists/listname/en/listinfo.html which was probably created on an older version before the captchas were implemented. You need to diff lists/listname/en/listinfo.html with templates/en/listinfo.html. Part of the diff will be the absence of the tags in lists/listname/en/listinfo.html which need to be added. If that's the only diff, you can simply remove lists/listname/en/listinfo.html and fall back to the default, but if you had local changes in lists/listname/en/listinfo.html, you probably want to keep those and just add the missing captcha tags. However, the only issue from those missing tags should be an inability to subscribe via the listinfo page. It shouldn't affect login to the admin or admindb pages and it shouldn't cause a Bad Request error. If after fixing the template, you still can't log in, We would like to see the full traceback from Mailman's logs/error log. It's possible this is a cPanel issue. -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, Californiabetter use your sense - B. Dylan -- Mailman-Users mailing list -- mailman-users@python.org To unsubscribe send an email to mailman-users-le...@python.org https://mail.python.org/mailman3/lists/mailman-users.python.org/ Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: https://www.mail-archive.com/mailman-users@python.org/ https://mail.python.org/archives/list/mailman-users@python.org/ Member address: arch...@jab.org
[Mailman-Users] Re: spamming
On 12/13/23 12:08, Mark Sapiro wrote: On 12/13/23 10:00, Jim Dory wrote: As for listinfo.html, I see 2 pertinent files. on under ../en/templates (this list is just english) and under ../lists/[name of our list]/ . The templates version includes a few lines of captcha which the lists version doesn't. Here's a snippet of the templates version: This is your problem. You have a list specific version of the listinfo.html template in lists/listname/en/listinfo.html which was probably created on an older version before the captchas were implemented. You need to diff lists/listname/en/listinfo.html with templates/en/listinfo.html. Part of the diff will be the absence of the tags in lists/listname/en/listinfo.html which need to be added. If that's the only diff, you can simply remove lists/listname/en/listinfo.html and fall back to the default, but if you had local changes in lists/listname/en/listinfo.html, you probably want to keep those and just add the missing captcha tags. However, the only issue from those missing tags should be an inability to subscribe via the listinfo page. It shouldn't affect login to the admin or admindb pages and it shouldn't cause a Bad Request error. If after fixing the template, you still can't log in, We would like to see the full traceback from Mailman's logs/error log. It's possible this is a cPanel issue. Thank you Mark, My bad.. rather than Bad Request error (oiy, my memory), the actual error when enabling the RECAPTCHA strings is this: Bug in Mailman version We're sorry, we hit a bug! Please inform the webmaster for this site of this problem. Printing of traceback and other system information has been explicitly inhibited, but the webmaster can find this information in the Mailman error logs or the web server logs. So I looked in the mailman logs - I see several logs but the error one did not have any entry from today. Not sure where I would find a pertinent log such as the "web server logs" in the page error above. What I tried was to hide the lists/[list-name]/en/listinfo.html and replace with the one in templates. I tried without replacing the hidden one first (without yet enacting the RECAPTCHA strings) just to see if the webpage listinfo would load. It did - then tried by replacing it with the templates file, and it also loaded fine. Then I added the RECAPTCHA in the cfg file and that broke the web pages. I did diff the two listinfo files and it seemed there were just too many differences - practically the whole files.. for me to grok. The listinfo file in the lists directory (rather than templates directory) is probably very old. I started the list I think around 2008 (at least that's how far back for the archives), though I did change server once or twice so not sure if it would have carried along. So I'm stuck.. I did look in the mailman/logs/subscribe file and boy - lots of nasty spamming going on there. Sure would like to resolve this - might be time to go for the OS upgrade and maybe a try at Mailman v3. -- Mailman-Users mailing list -- mailman-users@python.org To unsubscribe send an email to mailman-users-le...@python.org https://mail.python.org/mailman3/lists/mailman-users.python.org/ Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: https://www.mail-archive.com/mailman-users@python.org/ https://mail.python.org/archives/list/mailman-users@python.org/ Member address: arch...@jab.org
[Mailman-Users] Re: spamming
On 12/13/23 17:48, Jim Dory wrote: My bad.. rather than Bad Request error (oiy, my memory), the actual error when enabling the RECAPTCHA strings is this: Bug in Mailman version We're sorry, we hit a bug! Please inform the webmaster for this site of this problem. Printing of traceback and other system information has been explicitly inhibited, but the webmaster can find this information in the Mailman error logs or the web server logs. So I looked in the mailman logs - I see several logs but the error one did not have any entry from today. Not sure where I would find a pertinent log such as the "web server logs" in the page error above. The error and traceback should be in /usr/local/cpanel/3rdparty/mailman/logs/error. Is that where you're looking? If you can't find it there, there might be a permissions error. All of the cgi wrappers in /usr/local/cpanel/3rdparty/mailman/cgi-bin should be SETGID and group mailman and all the files in /usr/local/cpanel/3rdparty/mailman/logs/ should be group writable and group mailman. There may be cPanel specifics affecting this that I am unaware of, but see https://wiki.list.org/DOC/Mailman%20and%20CPanel If all else fails you can edit /usr/local/cpanel/3rdparty/mailman/scripts/driver and set `STEALTH_MODE = 0` -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, Californiabetter use your sense - B. Dylan -- Mailman-Users mailing list -- mailman-users@python.org To unsubscribe send an email to mailman-users-le...@python.org https://mail.python.org/mailman3/lists/mailman-users.python.org/ Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: https://www.mail-archive.com/mailman-users@python.org/ https://mail.python.org/archives/list/mailman-users@python.org/ Member address: arch...@jab.org
[Mailman-Users] Re: spamming
On 12/13/23 17:07, Mark Sapiro wrote: On 12/13/23 17:48, Jim Dory wrote: My bad.. rather than Bad Request error (oiy, my memory), the actual error when enabling the RECAPTCHA strings is this: Bug in Mailman version We're sorry, we hit a bug! Please inform the webmaster for this site of this problem. Printing of traceback and other system information has been explicitly inhibited, but the webmaster can find this information in the Mailman error logs or the web server logs. So I looked in the mailman logs - I see several logs but the error one did not have any entry from today. Not sure where I would find a pertinent log such as the "web server logs" in the page error above. The error and traceback should be in /usr/local/cpanel/3rdparty/mailman/logs/error. Is that where you're looking? If you can't find it there, there might be a permissions error. All of the cgi wrappers in /usr/local/cpanel/3rdparty/mailman/cgi-bin should be SETGID and group mailman and all the files in /usr/local/cpanel/3rdparty/mailman/logs/ should be group writable and group mailman. There may be cPanel specifics affecting this that I am unaware of, but see https://wiki.list.org/DOC/Mailman%20and%20CPanel If all else fails you can edit /usr/local/cpanel/3rdparty/mailman/scripts/driver and set `STEALTH_MODE = 0` So I believe the cgi-bin files are correct - though it is a bit disturbing since they are highlighted in Red in my terminal. ls -la cgi-bin/ total 316 drwxrwsr-x 2 mailman mailman 4096 Feb 6 2023 . drwxrwsr-x 19 mailman mailman 4096 Dec 13 16:17 .. -rwsr-sr-x 1 mailman mailman 25705 Aug 30 2022 admin -rwsr-sr-x 1 mailman mailman 25705 Aug 30 2022 admindb -rwsr-sr-x 1 mailman mailman 25705 Aug 30 2022 confirm -- 1 mailman mailman 25705 Aug 30 2022 create -rwsr-sr-x 1 mailman mailman 25705 Aug 30 2022 edithtml -rwsr-sr-x 1 mailman mailman 25705 Aug 30 2022 listinfo -rwsr-sr-x 1 mailman mailman 25705 Aug 30 2022 options -rwsr-sr-x 1 mailman mailman 25705 Aug 30 2022 private -- 1 mailman mailman 25705 Aug 30 2022 rmlist -rwsr-sr-x 1 mailman mailman 25705 Aug 30 2022 roster -rwsr-sr-x 1 mailman mailman 25705 Aug 30 2022 subscribe The logs are as you say. The /usr/local/cpanel/3rdparty/mailman/logs/error log still nothing for today. Things like: Dec 03 13:14:26 2023 (68081) private: No such list "xmlrpc.php": Dec 03 13:14:34 2023 (68083) private: No such list "xmlrpc.php": Dec 12 07:44:10 2023 (51139) private: No such list "xmlrpc.php": Dec 12 07:44:10 2023 (51140) listinfo: No such list "xmlrpc.php": Dec 12 07:44:11 2023 (51141) private: No such list "xmlrpc.php": Dec 12 07:44:11 2023 (51144) listinfo: No such list "xmlrpc.php": I checked the link you provided and got my hopes up when I saw one guy with a fix for my particular webpage error - but it didn't affect anything when I tried it. So I'll keep poking around. Jim -- Mailman-Users mailing list -- mailman-users@python.org To unsubscribe send an email to mailman-users-le...@python.org https://mail.python.org/mailman3/lists/mailman-users.python.org/ Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: https://www.mail-archive.com/mailman-users@python.org/ https://mail.python.org/archives/list/mailman-users@python.org/ Member address: arch...@jab.org
[Mailman-Users] Re: spamming
On 12/13/23 18:34, Jim Dory wrote: On 12/13/23 17:07, Mark Sapiro wrote: On 12/13/23 17:48, Jim Dory wrote: My bad.. rather than Bad Request error (oiy, my memory), the actual error when enabling the RECAPTCHA strings is this: Bug in Mailman version We're sorry, we hit a bug! Please inform the webmaster for this site of this problem. Printing of traceback and other system information has been explicitly inhibited, but the webmaster can find this information in the Mailman error logs or the web server logs. So I looked in the mailman logs - I see several logs but the error one did not have any entry from today. Not sure where I would find a pertinent log such as the "web server logs" in the page error above. The error and traceback should be in /usr/local/cpanel/3rdparty/mailman/logs/error. Is that where you're looking? If you can't find it there, there might be a permissions error. All of the cgi wrappers in /usr/local/cpanel/3rdparty/mailman/cgi-bin should be SETGID and group mailman and all the files in /usr/local/cpanel/3rdparty/mailman/logs/ should be group writable and group mailman. There may be cPanel specifics affecting this that I am unaware of, but see https://wiki.list.org/DOC/Mailman%20and%20CPanel If all else fails you can edit /usr/local/cpanel/3rdparty/mailman/scripts/driver and set `STEALTH_MODE = 0` So I believe the cgi-bin files are correct - though it is a bit disturbing since they are highlighted in Red in my terminal. ls -la cgi-bin/ total 316 drwxrwsr-x 2 mailman mailman 4096 Feb 6 2023 . drwxrwsr-x 19 mailman mailman 4096 Dec 13 16:17 .. -rwsr-sr-x 1 mailman mailman 25705 Aug 30 2022 admin -rwsr-sr-x 1 mailman mailman 25705 Aug 30 2022 admindb -rwsr-sr-x 1 mailman mailman 25705 Aug 30 2022 confirm -- 1 mailman mailman 25705 Aug 30 2022 create -rwsr-sr-x 1 mailman mailman 25705 Aug 30 2022 edithtml -rwsr-sr-x 1 mailman mailman 25705 Aug 30 2022 listinfo -rwsr-sr-x 1 mailman mailman 25705 Aug 30 2022 options -rwsr-sr-x 1 mailman mailman 25705 Aug 30 2022 private -- 1 mailman mailman 25705 Aug 30 2022 rmlist -rwsr-sr-x 1 mailman mailman 25705 Aug 30 2022 roster -rwsr-sr-x 1 mailman mailman 25705 Aug 30 2022 subscribe This looks good except for no permissions on create and rmlist, but I suppose that's a cPanel thing because cPanel has it's own way of creating and removing lists via the control panel. The fact that they show red is just `ls -l` emphasizing to you that they are SETGID. The logs are as you say. The /usr/local/cpanel/3rdparty/mailman/logs/error log still nothing for today. Things like: Dec 03 13:14:26 2023 (68081) private: No such list "xmlrpc.php": Dec 03 13:14:34 2023 (68083) private: No such list "xmlrpc.php": Dec 12 07:44:10 2023 (51139) private: No such list "xmlrpc.php": Dec 12 07:44:10 2023 (51140) listinfo: No such list "xmlrpc.php": Dec 12 07:44:11 2023 (51141) private: No such list "xmlrpc.php": Dec 12 07:44:11 2023 (51144) listinfo: No such list "xmlrpc.php": There should be an entry for every "We hit a bug" instance. The fact that there isn't may also be a cPanel thing. Under some circumstances, this info can be written the the stderr of the process which should result in it being written to the web server's error log, e.g. for apache this might be /var/log/apache2/error.log. The web server's config at /etc//* should point to where these logs are. As I said, you can always, at least temporarily, edit /usr/local/cpanel/3rdparty/mailman/scripts/driver and set `STEALTH_MODE = 0` which should display the error info in your browser. -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, Californiabetter use your sense - B. Dylan -- Mailman-Users mailing list -- mailman-users@python.org To unsubscribe send an email to mailman-users-le...@python.org https://mail.python.org/mailman3/lists/mailman-users.python.org/ Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: https://www.mail-archive.com/mailman-users@python.org/ https://mail.python.org/archives/list/mailman-users@python.org/ Member address: arch...@jab.org
