[SAC] [support.osuosl.org #25425] Spam complaint from UOL [1MY7c3U8E51rj2r06Bu]

Can someone handle this on the mailman configuration. Sounds like it can
reduce a lot of the bot subscription requests. I can put this info in a
ticket if needed.

Thanks,
Alex

-------- Forwarded Message --------
Subject: [support.osuosl.org #25425] Fwd: Spam complaint from UOL
[1MY7c3U8E51rj2r06Bu]
Date: Thu, 17 Mar 2016 11:14:54 -0700
From: Justin Dugger via RT <support@osuosl.org>
Reply-To: support@osuosl.org
CC: tech@wildintellect.com

OSGEO,

Attached below is one of many reports we've gotten regarding mailman
subscriptions. It's come to my attention that these are not misfiled,
but part of a systemic harassment tool[1] that floods target inboxes.
The key feature these tools rely on is sending email with a destination
specified in an HTTP GET parameter, without form validation.

Mailman 2.1.16 added an XSRF token config setting called
SUBSCRIBE_FORM_SECRET, but it is disabled by default. It does not appear
lists.osgeo.org has this set, and as a result, jquery get requests can
send subscription requests ad nauseam to targets. You can easily verify
this yourself by reviewing HTTP logs containing /mailman/subscribe, and
examining the referrer URLs. Once the setting is deployed, I have found
msapiro's list_pending script[2] useful for tracking the number of
subscriptions pending.

Please review your mailman settings and define a SUBSCRIBE_FORM_SECRET
string in mm_cfg.py, to prevent malicious and unsolicited subscription
requests.

--
Justin Dugger
Senior System Administrator
OSU Open Source Lab

[1]: several examples:
https://www.google.com/?gws_rd=ssl#q="Auto+Suscribe+Email"
[2]: https://www.msapiro.net/scripts/list_pending

On Tue Aug 04 12:53:57 2015, dsu@nero.net wrote:

Attached are spam complaints regarding host(s) you are responsible
for.
Please investigate and follow up to abuse@nero.net
and the original complainant (if requested in the attached email) once
you have taken appropriate actions.

-------- Forwarded Message --------
Subject: Spam complaint from UOL [1MY7c3U8E51rj2r06Bu]
Date: Tue, 4 Aug 2015 06:46:02 -0700
From: abuse-auto@support.juno.com
To: abuse@nero.net

This is an email abuse report for an email message received from IP
140.211.15.134 on 3 Aug 2015

Attached Message Part (121 Bytes)
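The log review Justin suggests above (look at requests to /mailman/subscribe and examine their referrers), as an added example that is not part of this thread: a small Python script that parses Apache combined-format log lines, counts subscribe requests per referring host, and flags requests that arrive by GET or come from a site other than the list server's own listinfo pages. The sample log lines, the list host lists.example.org and the third-party host are constructed for illustration.

```python
import re
from collections import Counter
from urllib.parse import urlparse

# Apache/nginx "combined" format:
# ip ident user [time] "METHOD path proto" status bytes "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"'
)

# Constructed sample lines (not real log data): two form submissions from the list
# server's own listinfo pages, three GET requests driven from an unrelated site,
# and one unrelated listinfo page view that must not be counted.
SAMPLE_LOG = """\
203.0.113.7 - - [17/Mar/2016:10:01:02 -0700] "POST /mailman/subscribe/discuss HTTP/1.1" 200 512 "https://lists.example.org/mailman/listinfo/discuss" "Mozilla/5.0"
198.51.100.9 - - [17/Mar/2016:10:01:05 -0700] "GET /mailman/subscribe/discuss HTTP/1.1" 200 512 "http://thirdparty.example.com/page.html" "Mozilla/5.0"
198.51.100.9 - - [17/Mar/2016:10:01:06 -0700] "GET /mailman/subscribe/announce HTTP/1.1" 200 512 "http://thirdparty.example.com/page.html" "Mozilla/5.0"
198.51.100.9 - - [17/Mar/2016:10:01:07 -0700] "GET /mailman/subscribe/users HTTP/1.1" 200 512 "http://thirdparty.example.com/page.html" "Mozilla/5.0"
203.0.113.8 - - [17/Mar/2016:10:02:11 -0700] "POST /mailman/subscribe/users HTTP/1.1" 200 512 "https://lists.example.org/mailman/listinfo/users" "Mozilla/5.0"
203.0.113.9 - - [17/Mar/2016:10:02:30 -0700] "GET /mailman/listinfo/discuss HTTP/1.1" 200 4096 "-" "Mozilla/5.0"
"""


def subscribe_requests(log_text):
    """Yield parsed entries for every request that hits /mailman/subscribe."""
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if m and "/mailman/subscribe" in m.group("path"):
            yield m.groupdict()


def referrer_report(log_text, list_host):
    """Count subscribe requests per referring host and flag suspicious ones.

    A request is flagged when it is not a POST (the report describes the
    target address being passed in a GET parameter) or when its Referer host
    is not list_host, the server whose listinfo pages carry the real form
    (list_host is an assumption supplied by the caller).
    """
    per_host = Counter()
    flagged = []
    for e in subscribe_requests(log_text):
        ref_host = urlparse(e["referer"]).hostname or "(none)"
        per_host[ref_host] += 1
        if e["method"] != "POST" or ref_host != list_host:
            flagged.append((e["ip"], e["method"], e["path"], ref_host))
    return per_host, flagged


if __name__ == "__main__":
    hosts, bad = referrer_report(SAMPLE_LOG, "lists.example.org")
    for host, n in hosts.most_common():
        print(f"{n:5d}  {host}")
    for entry in bad:
        print("FLAGGED:", *entry)
```

Run it against a real access log by replacing SAMPLE_LOG with the file contents; a large count under a single off-site referrer is the pattern the report describes.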

On Thu, Mar 17, 2016 at 7:17 PM, Alex M <tech_dev@wildintellect.com> wrote:

Can someone handle this on the mailman configuration. Sounds like it can
reduce a lot of the bot subscription requests. I can put this info in a
ticket if needed.

Thanks,
Alex

This should get high priority. I regularly get complaints and have no
good answers...

thanks
Markus

On Mar 18, 2016, at 8:57 AM, Markus Neteler <neteler@osgeo.org> wrote:

On Thu, Mar 17, 2016 at 7:17 PM, Alex M <tech_dev@wildintellect.com> wrote:

Can someone handle this on the mailman configuration. Sounds like it can
reduce a lot of the bot subscription requests. I can put this info in a
ticket if needed.

Thanks,
Alex

This should get high priority. I regularly get complaints and have no
good answers...

I checked in to attempt to make this update, but it seems I do not have sudo on lists.osgeo.org.

Someone with sudo on that machine will need to make the change, as it is a file system level operation.

Howard

On Mon, Mar 21, 2016 at 08:41:00AM -0500, Howard Butler wrote:

I checked in to attempt to make this update, but it seems I do not
have sudo on lists.osgeo.org.

Please try again,

  Martin.
--
Unix _IS_ user friendly - it's just selective about who its friends are !
--------------------------------------------------------------------------

On Mon, Mar 21, 2016 at 02:48:41PM +0100, Martin Spott wrote:

Please try again,

Tried it myself, feel invited to check if I broke anything ....

  Martin.
--
Unix _IS_ user friendly - it's just selective about who its friends are !
--------------------------------------------------------------------------