[SAC] [OSGeo] #2506: mailman: unsolicited mass subscription attempts

#2506: mailman: unsolicited mass subscription attempts
---------------------------+---------------------------
Reporter: neteler | Owner: sac@…
     Type: task | Status: new
Priority: blocker | Milestone: Unplanned
Component: Systems Admin | Keywords: Mailing Lists
---------------------------+---------------------------
This case
https://lists.osgeo.org/pipermail/geoforall/2020-August/005734.html

and many comments to me as a list admin led me to investigate the case of
apparent mass subscription attempts: many users to many OSGeo lists.

What I found out by analysing the mailman subscription logs:

This IP 198.46.202.103

{{{
nslookup 198.46.202.103
...
Non-authoritative answer:
103.202.46.198.in-addr.arpa name =
198-46-202-103-host.colocrossing.com.
}}}

tried to subscribe > 2831 (!) different email addresses to 286 OSGeo
lists:

{{{
# how many different email addresses:
grep 198.46.202.103 subscribe* | cut -d' ' -f8 | sort -u | wc -l
2831

# how many OSGeo lists used
grep 198.46.202.103 subscribe* | cut -d' ' -f6 | sort -u | wc -l
286
}}}

Hence, we see a new quality of spammers being active here who try to
subscribe email addresses they apparently have harvested somewhere to
our mailman server, like trying to subscribe one email to many OSGeo
lists. Normally nothing happens (that's why I don't yet understand the
spammer's interest in this) unless the email owner actually accepts the
confirmation email.

Question: can we block these attacks?

Maybe related to #2475

--
Ticket URL: <https://trac.osgeo.org/osgeo/ticket/2506>
OSGeo <https://osgeo.org/>
OSGeo committee and general foundation issue tracker.
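The log analysis in the report above, written out as an added example (this is not code from the ticket or from the Mailman project): a small Python script that parses Mailman 2.1 subscribe-log lines in the layout the report's `cut -f6` / `cut -f8` pipeline assumes, reproduces the per-IP "distinct addresses / distinct lists" counts, and flags source IPs whose pending requests exceed a threshold. The log format, the sample addresses, the 203.0.113.5 address and the thresholds are assumptions constructed for the example; only 198.46.202.103 comes from the ticket.

```python
import re
from collections import defaultdict

# Constructed sample in the Mailman 2.1 "subscribe" log layout assumed here
# (field 6 = list name, field 8 = address, last field = requesting IP).
# Addresses and 203.0.113.5 are made up; 198.46.202.103 is the IP named in
# the ticket.
SAMPLE_SUBSCRIBE_LOG = """\
Aug 24 09:12:33 2020 (4711) geoforall: pending alice@example.org 198.46.202.103
Aug 24 09:12:34 2020 (4711) geoforall: pending bob@example.net 198.46.202.103
Aug 24 09:12:35 2020 (4712) grass-user: pending carol@example.com 198.46.202.103
Aug 24 09:12:36 2020 (4712) qgis-user: pending dave@example.org 198.46.202.103
Aug 24 09:12:37 2020 (4713) postgis-users: pending erin@example.net 198.46.202.103
Aug 24 09:13:02 2020 (4714) geoforall: pending legit@example.org 203.0.113.5
Aug 24 09:20:45 2020 (4715) geoforall: new legit@example.org, 203.0.113.5
"""

# One log line: timestamp, (pid), "list: action address ip".
LINE_RE = re.compile(
    r'^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d \d{4}) \(\d+\) '
    r'(?P<list>[^:]+): (?P<action>\w+) (?P<email>\S+) (?P<ip>\S+)$'
)


def parse_subscribe_log(text):
    """Yield (list, action, email, ip) for every line that matches LINE_RE;
    lines in any other layout are skipped rather than mis-parsed."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        # the "new" variant writes "address, ip"; drop the trailing comma
        yield (m.group('list'), m.group('action'),
               m.group('email').rstrip(','), m.group('ip'))


def distinct_counts(text, ip):
    """Same numbers as the ticket's grep | cut | sort -u | wc -l pipeline
    for one IP: (distinct addresses, distinct lists) over all actions."""
    emails, lists = set(), set()
    for lst, _action, email, src in parse_subscribe_log(text):
        if src == ip:
            emails.add(email)
            lists.add(lst)
    return len(emails), len(lists)


def per_ip_summary(text, action='pending'):
    """Map IP -> {'emails': set, 'lists': set, 'requests': int} for one action."""
    summary = defaultdict(lambda: {'emails': set(), 'lists': set(), 'requests': 0})
    for lst, act, email, ip in parse_subscribe_log(text):
        if act != action:
            continue
        entry = summary[ip]
        entry['emails'].add(email)
        entry['lists'].add(lst)
        entry['requests'] += 1
    return dict(summary)


def flag_mass_subscribers(text, max_emails=3, max_lists=3):
    """Return sorted [(ip, n_emails, n_lists)] for IPs whose pending requests
    cover more distinct addresses or lists than the thresholds allow.
    The thresholds are assumptions; tune them to the site's normal traffic
    (the real case in the ticket was 2831 addresses across 286 lists)."""
    flagged = []
    for ip, entry in per_ip_summary(text).items():
        n_e, n_l = len(entry['emails']), len(entry['lists'])
        if n_e > max_emails or n_l > max_lists:
            flagged.append((ip, n_e, n_l))
    return sorted(flagged, key=lambda t: (-t[1], t[0]))


if __name__ == '__main__':
    for ip, n_e, n_l in flag_mass_subscribers(SAMPLE_SUBSCRIBE_LOG):
        print('%s: %d distinct addresses across %d lists' % (ip, n_e, n_l))
```

Run it against the real files with `open('/var/log/mailman/subscribe').read()` in place of the sample; the regex deliberately skips lines it does not recognise, so a rotated or differently formatted line lowers the counts rather than producing wrong ones.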


Comment (by neteler):

Found some hints:

  * https://mail.python.org/pipermail/mailman-users/2016-January/080302.html
  * https://www.ralfj.de/blog/2018/06/02/mailman-subscription-spam.html

Seems we need (if we don't have yet) to activate some
`SUBSCRIBE_FORM_SECRET` secret.

Anyone?

--
Ticket URL: <https://trac.osgeo.org/osgeo/ticket/2506#comment:1>


Comment (by cvvergara):

I found this solution
https://www.ralfj.de/blog/2018/06/10/mailman-subscription-spam-continued.html

at the bottom it mentions:
> Update: With Mailman 2.1.30, this patch is now included upstream. The
> CAPTCHAS format is slightly different than above to support multiple
> languages; consult the Mailman documentation for further details. /Update

and we have 2.1.20

Will go verify that 2.1.30 does have the captcha

--
Ticket URL: <https://trac.osgeo.org/osgeo/ticket/2506#comment:2>

Changes (by strk):

* cc: bjorn (added)

Comment:

Mass unsubscription also happened in postgis-devel. 7 people were
unsubscribed.

--
Ticket URL: <https://trac.osgeo.org/osgeo/ticket/2506#comment:3>


Comment (by neteler):

Let's please update mailman.

--
Ticket URL: <https://trac.osgeo.org/osgeo/ticket/2506#comment:4>


Comment (by strk):

Sorry, I see this ticket is about mass _subscription_, not unsubscription.
We probably need another ticket for unsubscription.
Martin: SUBSCRIBE_FORM_SECRET is set already (since 2016)

--
Ticket URL: <https://trac.osgeo.org/osgeo/ticket/2506#comment:5>


Comment (by strk):

Mailman upgrade ticket is #2174 -- neteler, your input is going to be
useful there.

--
Ticket URL: <https://trac.osgeo.org/osgeo/ticket/2506#comment:6>

Changes (by strk):

* milestone: Unplanned => Sysadmin Contract 2020-II

--
Ticket URL: <https://trac.osgeo.org/osgeo/ticket/2506#comment:7>


Comment (by strk):

We are at 2.1.34 now; what's left to do for this ticket?

--
Ticket URL: <https://trac.osgeo.org/osgeo/ticket/2506#comment:8>

Changes (by strk):

* status: new => closed
* resolution: => fixed

Comment:

Assuming closed by upgrade. Feel free to reopen if this is not the case.

--
Ticket URL: <https://trac.osgeo.org/osgeo/ticket/2506#comment:9>


Comment (by neteler):

I just checked

{{{
/var/log/mailman/subscribe.*
}}}

and no longer see undesired mass-subscription attempts.

--
Ticket URL: <https://trac.osgeo.org/osgeo/ticket/2506#comment:10>