Bots outbreak - Subscriptions pending user confirmation (58)
Daily, I am getting not less than 50 "Subscriptions pending user confirmation".
There must be a way to stop them. I am using https://lists.mailman3.org/archives/list/mailman-users@mailman3.org/thread/B... already.
<Location /accounts/signup> <Limit POST PUT DELETE> Order allow,deny Allow from all Include /opt/mailman/tor-exit-list.conf </Limit> </Location>
wash@eu:/etc/apache2/sites-enabled$ cat /opt/mailman/tor-exit-list.conf | wc -l 2081
Does this mean the restrictions aren't caching them?
-- Best regards, Odhiambo WASHINGTON, Nairobi,KE +254 7 3200 0004/+254 7 2274 3223 In an Internet failure case, the #1 suspect is a constant: DNS. "Oh, the cruft.", egrep -v '^$|^.*#' ¯\_(ツ)_/¯ :-) [How to ask smart questions: http://www.catb.org/~esr/faqs/smart-questions.html]
Odhiambo Washington via Mailman-users writes:
<Location /accounts/signup> <Limit POST PUT DELETE> Order allow,deny
I guess you're using mod_access_compat? Is there some reason you *want* people using TOR to access the non-mutating methods? If I'm not going to allow them to signup, I would just deny them access to that location altogether (ie, use no LIMIT section).
Allow from all Include /opt/mailman/tor-exit-list.conf </Limit></Location>
Assuming that the content of tor-exit-list.conf is a long list of correctly formatted "Deny from" addresses, looks like it should work to me.
cat /opt/mailman/tor-exit-list.conf | wc -l 2081
Does this mean the restrictions aren't caching them?
You'd have to look at the sources of the subscription requests in the log and compare to tor-exit-list to find out. You would also be able to see if TOR exits are being denied.
Steve
participants (2)
-
Odhiambo Washington -
Stephen J. Turnbull