Can someone handle this on the mailman configuration. Sounds like it can
reduce a lot of the bot subscription requests. I can put this info in a
ticket if needed.
Thanks,
Alex
-------- Forwarded Message --------
Subject: [support.osuosl.org #25425] Fwd: Spam complaint from UOL
[1MY7c3U8E51rj2r06Bu]
Date: Thu, 17 Mar 2016 11:14:54 -0700
From: Justin Dugger via RT <support@osuosl.org>
Reply-To: support@osuosl.org
CC: tech@wildintellect.com
OSGEO,
Attached below is one of many reports we've gotten regarding mailman
subscriptions. It's come to my attention that these are not misfiled,
but part of a systemic harassment tool[1] that floods target inboxes.
The key feature these tools rely on is sending email with a destination
specified in an HTTP GET parameter, without form validation.
Mailman 2.1.16 added in an XSRF token config setting called
SUBSCRIBE_FORM_SECRET, but is disabled by default. It does not appear
lists.osgeo.org has this set, and as a result, jquery get requests can
send subscription requests ad nauseam to targets. You can easily verify
this yourself by reviewing HTTP logs containing /mailman/subscribe, and
examining the referrer URLs. Once the setting is deployed, I have found
msapiro's list_pending script[2] useful for tracking the number of
subscriptions pending.
Please review your mailman settings and define a SUBSCRIBE_FORM_SECRET
string in mm_cfg.py, to prevent malicious and unsolicited subscription
requests.
--
Justin Dugger
Senior System Administrator
OSU Open Source Lab
[1]: several examples:
https://www.google.com/?gws_rd=ssl#q="Auto+Suscribe+Email"
[2]: https://www.msapiro.net/scripts/list_pending
On Tue Aug 04 12:53:57 2015, dsu@nero.net wrote:
Attached are spam complaints regarding host(s) you are responsible
for.
Please investigate and follow up to abuse@nero.net
and the original complainant (if requested in the attached email) once
you have taken appropriate actions.
-------- Forwarded Message --------
Subject: Spam complaint from UOL [1MY7c3U8E51rj2r06Bu]
Date: Tue, 4 Aug 2015 06:46:02 -0700
From: abuse-auto@support.juno.com
To: abuse@nero.net
This is an email abuse report for an email message received from IP
140.211.15.134 on 3 Aug 2015
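The HTTP-log review Justin recommends, worked through as an added example (this is not code from the thread, from OSUOSL or from Mailman): it parses combined-format access log lines, keeps only hits on the /mailman/subscribe CGI, and reports referrer hosts other than the list server plus any target address carried in a GET query string. The list host, the log lines and the hostnames in them are constructed for the demonstration.

```python
import re
from collections import Counter
from urllib.parse import urlparse, parse_qs

# Apache/nginx "combined" format: ip ident user [time] "request" status bytes "referer" "agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<agent>[^"]*)"$'
)

# Assumption: the host that legitimately serves the subscribe form.
LIST_HOST = "lists.osgeo.org"

# Constructed sample log: two GET hits from an off-site page, one real form POST,
# one unrelated listinfo hit, and one GET with no referrer at all.
SAMPLE_LOG = """\
203.0.113.7 - - [03/Aug/2015:06:40:01 -0700] "GET /mailman/subscribe/example-list?email=victim%40example.net&fullname=x HTTP/1.1" 200 4321 "http://bomber.example.org/run.html" "Mozilla/5.0"
203.0.113.7 - - [03/Aug/2015:06:40:02 -0700] "GET /mailman/subscribe/other-list?email=victim%40example.net HTTP/1.1" 200 4300 "http://bomber.example.org/run.html" "Mozilla/5.0"
198.51.100.9 - - [03/Aug/2015:06:41:10 -0700] "POST /mailman/subscribe/example-list HTTP/1.1" 200 4321 "https://lists.osgeo.org/mailman/listinfo/example-list" "Mozilla/5.0"
198.51.100.9 - - [03/Aug/2015:06:41:11 -0700] "GET /mailman/listinfo/example-list HTTP/1.1" 200 9000 "-" "Mozilla/5.0"
203.0.113.8 - - [03/Aug/2015:06:42:00 -0700] "GET /mailman/subscribe/third-list?email=victim%40example.net HTTP/1.1" 200 4100 "-" "curl/7.43"
"""

def parse_line(line):
    """Return the fields of one combined-format line, or None if it does not parse."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None

def subscribe_requests(lines):
    """Yield parsed entries for requests to the Mailman subscribe CGI."""
    for line in lines:
        rec = parse_line(line)
        if rec and rec["path"].startswith("/mailman/subscribe/"):
            yield rec

def suspicious_referers(lines):
    """Subscribe hits per referrer host, excluding the list server's own form pages."""
    counts = Counter()
    for rec in subscribe_requests(lines):
        ref = rec["referer"]
        host = urlparse(ref).hostname if ref and ref != "-" else "(none)"
        counts[host] += 1
    return {host: n for host, n in counts.items() if host != LIST_HOST}

def targeted_addresses(lines):
    """Subscribe hits per target address, for requests that carry the address as a GET parameter."""
    per_addr = Counter()
    for rec in subscribe_requests(lines):
        for addr in parse_qs(urlparse(rec["path"]).query).get("email", []):
            per_addr[addr.lower()] += 1
    return per_addr

if __name__ == "__main__":
    print(suspicious_referers(SAMPLE_LOG.splitlines()))
    print(targeted_addresses(SAMPLE_LOG.splitlines()))
```

On a real server the same functions can be fed the access log directly; a single address appearing across many lists from one off-site referrer is the pattern the report describes.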