On Tue, 12 Jan 2016, Mark Sapiro wrote:
On 01/12/2016 08:18 AM, Rosenbaum, Larry M. wrote:
From the "NEWS" file:
- There is a new mm_cfg.py setting SUBSCRIBE_FORM_SECRET ...
This is only partially effective against this attack.
Thanks for the info.
Typical of me, I kept looking for
On 01/12/2016 08:18 AM, Rosenbaum, Larry M. wrote:
> From the "NEWS" file:
>
> - There is a new mm_cfg.py setting SUBSCRIBE_FORM_SECRET ...
This is only partially effective against this attack.
On the @python.org lists we see this attack come and go and even with
SUBSCRIBE_FORM_MIN_TIME = 1
On 01/12/2016 01:18 AM, Andrew Daviel wrote:
>
> In the last few days we've seen several thousand bogus subscription
> requests for various lists we host, sent through the web interface. They
> seem to mostly originate in China.
>
> We see log entries such as /var/log/mailman/subscribe
> Jan 11 2
From the "NEWS" file:
- There is a new mm_cfg.py setting SUBSCRIBE_FORM_SECRET which will put
a dynamically generated, hidden hash in the listinfo subscribe form and
check it upon submission. Setting this will prevent automated processes
(bots) from successfully POSTing web
In the last few days we've seen several thousand bogus subscription
requests for various lists we host, sent through the web interface. They
seem to mostly originate in China.
We see log entries such as /var/log/mailman/subscribe
Jan 11 20:50:30 2016 (27666) grsi-users: pending
hellocatboots