Author: C.Peters3 (17 Sep 14 3:31pm)
StarryMessenger.net hasn't sent out a newsletter in 2+ years and the primary list is receiving thousands of bot subscriptions. I mitigated the backscatter spam more than a year ago.
Legit subscriptions, and some bot activity, were and are using the domain in the URL, i.e.
http://domain/mailman/subscribe/starrymessenger?email=user@example.com&fullname=&pw=123456789&pw-conf=123456789&language=en&digest=0&email-button=Subscribe
Bogus subscriptions are using the IP rather than the domain:
http://IPv4/mailman/subscribe/starrymessenger?email=189798832@qq.com&fullname=&pw=123456789&pw-conf=123456789&language=en&digest=0&email-button=Subscribe
I have set up a redirect for the domain and the IP.
Domain, which might have some legitimate subscription attempts:
RewriteRule ^(.*)$ http://domain/hello_starryskies.txt
IPv4, with all bogus subscriptions:
RewriteRule ^(.*)$ http://domain/hello_bot.txt
I am changing the IPv4 redirect to the honeypot PHP script, i.e. doesgodexist/archbishop.php. Is this going to help the project, or is it a bad idea for some reason?
I should also note that Mailman has a method to help defend against this attack, but it has to be enabled globally for the whole site, and that breaks subscription forms which reside outside the normal Mailman subscription page. That would break how things are done with a few other lists.
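
Added example, not part of the original post: a Python sketch that splits Mailman subscribe requests by whether the Host header is a bare IP address or a domain name, which is the distinction the post uses to separate bot traffic from possibly legitimate subscribers. The log layout (Host header logged first), the sample lines, and the names starrymessenger.example and 203.0.113.10 are assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import Counter
from urllib.parse import parse_qs, urlsplit

# Constructed sample log. Assumed layout: Host header, client IP, request line,
# status (e.g. Apache LogFormat "%{Host}i %h \"%r\" %>s"). All names are made up.
SAMPLE_LOG = """\
starrymessenger.example 198.51.100.7 "GET /mailman/subscribe/starrymessenger?email=user@example.com&fullname=&digest=0&email-button=Subscribe HTTP/1.1" 200
203.0.113.10 192.0.2.44 "GET /mailman/subscribe/starrymessenger?email=1000001@bot.example&fullname=&digest=0&email-button=Subscribe HTTP/1.1" 200
203.0.113.10:80 192.0.2.45 "GET /mailman/subscribe/starrymessenger?email=1000002@bot.example&email-button=Subscribe HTTP/1.1" 200
[2001:db8::10] 192.0.2.46 "POST /mailman/subscribe/starrymessenger HTTP/1.1" 200
203.0.113.10 192.0.2.47 "GET /mailman/listinfo/starrymessenger HTTP/1.1" 200
"""

LINE = re.compile(r'^(?P<host>\S+) \S+ "\S+ (?P<target>\S+) [^"]*" \d{3}$')
SUBSCRIBE = re.compile(r"^/mailman/subscribe/[^/]+/?$")

def host_is_ip_literal(host):
    """True when the Host header is an IPv4/IPv6 literal, with or without a port."""
    if host.startswith("["):            # bracketed IPv6, e.g. [2001:db8::10]:80
        host = host[1:].split("]", 1)[0]
    elif host.count(":") == 1:          # name:port or IPv4:port
        host = host.rsplit(":", 1)[0]
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def classify(log_text):
    """Return (hits per bucket, sorted email addresses seen per bucket)."""
    counts = Counter()
    emails = {"ip-host": set(), "named-host": set()}
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue                    # line not in the assumed layout
        url = urlsplit(m["target"])
        if not SUBSCRIBE.match(url.path):
            continue                    # only subscribe endpoints are of interest
        bucket = "ip-host" if host_is_ip_literal(m["host"]) else "named-host"
        counts[bucket] += 1
        emails[bucket].update(parse_qs(url.query).get("email", []))
    return counts, {k: sorted(v) for k, v in emails.items()}

if __name__ == "__main__":
    print(classify(SAMPLE_LOG))
```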