Message Board

Newbie/Basic Questions

Older Posts ]   [ Newer Posts ]
 Mailman subscription bot
Author: C.Peters3   (17 Sep 14 3:31pm)

StarryMessenger.net hasn't sent out a newsletter in 2+ years and the primary list is receiving thousands of bot subscriptions. I mitigated the backscatter spam more than a year ago.

Legit subscriptions, and some bot activity were and are using the domain in the URL ie. http://domain/mailman/subscribe/starrymessenger?email=user@example.com&fullname=&pw=123456789&pw-conf=123456789&language=en&digest=0&email-button=Subscribe

Bogus subscriptions are using the IP rather than the domain
http://IPv4/mailman/subscribe/starrymessenger?email=189798832@qq.com&fullname=&pw=123456789&pw-conf=123456789&language=en&digest=0&email-button=Subscribe

I have setup a redirect for the domain and the IP.
domain which might have some legitimate subscription attempts:
RewriteRule ^(.*)$ http://domain/hello_starryskies.txt

IPv4 with all bogus subscriptions.
RewriteRule ^(.*)$ http://domain/hello_bot.txt

I am changing the IPv4 redirect to the honeypot php script, ie doesgodexist/archbishop.php. Is this going to help the project, or is it a bad idea for some reason?


I should also note that mailman has a method to help defend against this attack, but it has to be enabled globally for the whole site and that breaks subscription forms which reside outside the normal mailman subscription page. and that would break how things are done with a few other lists.



do not follow this link

Privacy Policy | Terms of Use | About Project Honey Pot | FAQ | Cloudflare Site Protection | Contact Us

Copyright © 2004–17, Unspam Technologies, Inc. All rights reserved.

contact | wiki | email