Ben Cooksley writes:
> A pity, as the subscription form definitely could do with the same
> form of protection.
Think about what you're saying. "Open subscription" either means open
subscription, or an admin has to do all the work. There's no third
way. (Well, there is, but it only applies t
On Tue, Oct 30, 2012 at 6:40 AM, Mark Sapiro wrote:
> Ben Cooksley wrote:
>>
>>It seems that the attackers are capitalizing on Mailman's lack of CSRF
>>protection. Does anyone know if there are plans to add CSRF protection
>>into Mailman 2?
>
>
> It depends what you mean by CSRF protection. If you
* Ben Cooksley :
> Hi all,
>
> We at KDE are currently experiencing attacks upon our Mailman
> installation, attempting to subscribe random email addresses (which
> more often than not are valid unfortunately). These attacks are
> conducted essentially through performing mass HTTP POST requests to
Ben Cooksley wrote:
>
>It seems that the attackers are capitalizing on Mailman's lack of CSRF
>protection. Does anyone know if there are plans to add CSRF protection
>into Mailman 2?
It depends what you mean by CSRF protection. If you mean true
protection based on something like the addition and
On 10/28/2012 1:27 PM, Ben Cooksley wrote:
Alternately, is anyone aware of any form of CAPTCHA protection which
can be applied to Mailman?
There was a recent thread that discussed this very thing: starting at
http://www.mail-archive.com/mailman-users%40python.org/msg61769.html.
z!
Hi all,
We at KDE are currently experiencing attacks upon our Mailman
installation, attempting to subscribe random email addresses (which
more often than not are valid unfortunately). These attacks are
conducted essentially through performing mass HTTP POST requests to
/subscribe/listname with few
