Opened 5 years ago

Closed 5 years ago

#16344 closed defect (fixed)

Anomalous tor-reports@ subscription requests

Reported by: atagar Owned by: weasel
Priority: Medium Milestone:
Component: Internal Services/Service - lists Version:
Severity: Normal Keywords:
Cc: qbi Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

For months we've gotten complaints from folks who get anomalous subscription requests for tor-reports@. This seems to be unique to this list, and shouldn't be hard to figure out (latest report said they got 300 requests, and considering the volume of complaints I wouldn't be surprised if it's true).

If we took a look at the Mailman subscription requests for tor-reports@ I bet we'd find that gobs were comping from a single source.

Peter: Thoughts? I suspect we don't keep any logs at present and are reluctant to do so for privacy reasons. That said, Karsten and I get almost daily complaints and this seems like it could be a pretty targeted thing to investigate.

Child Tickets

Change History (7)

comment:1 Changed 5 years ago by atagar

Karsten and I are still getting complaints about this. A recent one had a possibly good suggestion: add a captcha to subscriptions. Quick search shows this is what someone else used to address this type of spam...

https://www.dragonsreach.it/2014/05/03/adding-recaptcha-support-to-mailman/

Should this be reassigned to the sysadmin component? I'm not sure Karsten and I have access to do any of the needful to either investigate or fix this.

comment:2 Changed 5 years ago by qbi

Cc: qbi added

comment:3 Changed 5 years ago by qbi

Severity: Normal

Most of the subscription requests come from a site called mailbait.info. I changed the Apache settings to look for the referer. If there is a mailbait referer, which wants to subscribe to some mailing list, the request will get a 403 response. So I hope this helps to resolve this ticket.

comment:4 Changed 5 years ago by atagar

Great, thanks qbi!

comment:5 Changed 5 years ago by qbi

Resolution: fixed
Status: newclosed

I hope with my changes the issue is resolved. Thus I close the ticket.

comment:6 Changed 5 years ago by atagar

Resolution: fixed
Status: closedreopened

Reopening. Sadly we just got another report of this. :(

comment:7 Changed 5 years ago by atagar

Resolution: fixed
Status: reopenedclosed

qbi figured out what was up, it was a different spam service.

Note: See TracTickets for help on using tickets.