[OSGeo] #3385: geopython-security spammed by subscription requests

OSGeoTrac · June 12, 2025, 7:02pm

#3385: geopython-security spammed by subscription requests
-------------------------+---------------------------
Reporter: tomkralidis | Owner: sac-tickets@…
Type: task | Status: new
Priority: normal | Milestone: Unplanned
Component: SysAdmin | Keywords:
-------------------------+---------------------------
Hi per subject. Can anything be done here (even disabling subscription
requests given it is a private list)?

Thanks
--
Ticket URL: <https://trac.osgeo.org/osgeo/ticket/3385>
OSGeo <Gter - OSGeo;
OSGeo committee and general foundation issue tracker.

OSGeoTrac · June 16, 2025, 5:21pm

#3385: geopython-security spammed by subscription requests
--------------------------+------------------------------------------------
Reporter: tomkralidis | Owner: sac-tickets@…
Type: task | Status: new
Priority: normal | Milestone: Sysadmin Contract 2024-III (strk)
Component: | Resolution:
SysAdmin/Mailman |
Keywords: |
--------------------------+------------------------------------------------
Changes (by strk):

* component: SysAdmin => SysAdmin/Mailman
* milestone: Unplanned => Sysadmin Contract 2024-III (strk)

Comment:

I've changed subscription policy to "confirm and approve", which means the
spammer will need to confirm their email before the moderator is hit. Let
me know if that's enough to calm down the spam flood, or we can further
disable subscription requests all togheter.
--
Ticket URL: <#3385 (geopython-security spammed by subscription requests) – OSGeo;
OSGeo <Gter - OSGeo;
OSGeo committee and general foundation issue tracker.

OSGeoTrac · June 16, 2025, 5:32pm

#3385: geopython-security spammed by subscription requests
--------------------------+------------------------------------------------
Reporter: tomkralidis | Owner: sac-tickets@…
Type: task | Status: new
Priority: normal | Milestone: Sysadmin Contract 2025-III (strk)
Component: | Resolution:
SysAdmin/Mailman |
Keywords: |
--------------------------+------------------------------------------------
Changes (by robe):

* milestone: Sysadmin Contract 2024-III (strk) => Sysadmin Contract
2025-III (strk)

--
Ticket URL: <https://trac.osgeo.org/osgeo/ticket/3385#comment:2>
OSGeo <Gter - OSGeo;
OSGeo committee and general foundation issue tracker.

OSGeoTrac · June 16, 2025, 5:55pm

#3385: geopython-security spammed by subscription requests
--------------------------+------------------------------------------------
Reporter: tomkralidis | Owner: sac-tickets@…
Type: task | Status: new
Priority: normal | Milestone: Sysadmin Contract 2025-III (strk)
Component: | Resolution:
SysAdmin/Mailman |
Keywords: |
--------------------------+------------------------------------------------
Comment (by tomkralidis):

Thanks @strk, we are still getting subscription requests. geopython-
security should be an invite only list (no subscription requests), can we
disable subscription requests altogether?
--
Ticket URL: <#3385 (geopython-security spammed by subscription requests) – OSGeo;
OSGeo <Gter - OSGeo;
OSGeo committee and general foundation issue tracker.

OSGeoTrac · June 17, 2025, 10:53am

#3385: geopython-security spammed by subscription requests
--------------------------+------------------------------------------------
Reporter: tomkralidis | Owner: sac-tickets@…
Type: task | Status: new
Priority: normal | Milestone: Sysadmin Contract 2025-III (strk)
Component: | Resolution:
SysAdmin/Mailman |
Keywords: |
--------------------------+------------------------------------------------
Comment (by strk):

I've banned all email addresses from subscribing.
Let me know if that works.
It's in here, to tweak/clean it yourself directly:
https://lists.osgeo.org/mailman/admin/geopython-
security/?VARHELP=privacy/subscribing/ban_list
--
Ticket URL: <#3385 (geopython-security spammed by subscription requests) – OSGeo;
OSGeo <Gter - OSGeo;
OSGeo committee and general foundation issue tracker.

OSGeoTrac · June 17, 2025, 12:43pm

#3385: geopython-security spammed by subscription requests
--------------------------+------------------------------------------------
Reporter: tomkralidis | Owner: sac-tickets@…
Type: task | Status: closed
Priority: normal | Milestone: Sysadmin Contract 2025-III (strk)
Component: | Resolution: fixed
SysAdmin/Mailman |
Keywords: |
--------------------------+------------------------------------------------
Changes (by tomkralidis):

* resolution: => fixed
* status: new => closed

Comment:

Thanks @strk, works.
--
Ticket URL: <#3385 (geopython-security spammed by subscription requests) – OSGeo;
OSGeo <Gter - OSGeo;
OSGeo committee and general foundation issue tracker.

OSGeoTrac · June 20, 2025, 3:43pm

#3385: geopython-security spammed by subscription requests
--------------------------+------------------------------------------------
Reporter: tomkralidis | Owner: sac-tickets@…
Type: task | Status: closed
Priority: normal | Milestone: Sysadmin Contract 2025-III (strk)
Component: | Resolution: fixed
SysAdmin/Mailman |
Keywords: |
--------------------------+------------------------------------------------
Comment (by strk):

for the record: I've now implemented an automatic protection against the
subscription spam, following https://vince.ca/posts/preventing-mailman-
subscription-spam/

There was indeed an IP address subscribing random email addresses (@google
and @yahoo) to all mailing lists, continuously, since at least Jun 16th
and ongoing
--
Ticket URL: <Making sure you're not a bot!;
OSGeo <Gter - OSGeo;
OSGeo committee and general foundation issue tracker.