14 Sep
2020
14 Sep
'20
2:54 p.m.
Hi,
It seems anybody can go to the site: https://LISTSERVNAME/mailman3/postorius/lists/ and click on the [Sign up] on the top-right corner and create an account. This can easily be automated, even though the next step, confirming the email address, being ignored. I believe it can be used as a target for a DOS attack by creating so many accounts, that eventually causes an 'out of space' error.
Is this a justified concern? Is there a way to manage this feature in a secure way?
Best regards Mohsen Masoudfar Lead System Analyst, IT Operation American Association for the Advancement of Science 1200 New York Ave, NW, Washington, DC 20005 202-326-7087