[MM3-users] Re: Abusive user creation - ideas for mitigating

31 Oct 2024


      On Thu, Oct 31, 2024 at 03:30:09AM +0000, Andy Smith wrote:
...
Looks like I could probably autogenerate an Apache ACL that lists all
Tor exit nodes and bans them from posting to /mailman/accounts/signup.
$ wget -qO - 'https://www.dan.me.uk/torlist/?exit' |
sed 's/^/Require not ip /' |
sudo tee /etc/apache2/tor-exit-list.conf >/dev/null
# Block access to the signup form from Tor exit nodes.
&lt;Location /mailman/accounts/signup>
    &lt;RequireAll>
        Require all granted
        Include /etc/apache2/tor-exit-list.conf
    &lt;/RequireAll>
&lt;/Location>
Haven't worked out how to restrict it to POST method only yet, and
updating the list robustly is a job for tomorrow…
Thanks,
Andy