[SAC] Subscription flood at finland list
Pekka Sarkola
pekka at gispo.fi
Wed Nov 25 01:40:16 PST 2015
Hi,
Thanks! It seems flood is now over. We might clean list with Ari later on
(manually, about 10+ false emails).
Rgs,
Pekka
Pekka Sarkola
Gispo Oy
pekka.sarkola at gispo.fi - GSM +358 40 725 2042
www.gispo.fi – www.paikkatieto.com
2015-11-25 10:28 GMT+02:00 Markus Neteler <neteler at osgeo.org>:
> Hi Ari,
>
> On Tue, Nov 24, 2015 at 11:18 PM, Ari Jolma <ari.jolma at gmail.com> wrote:
> > Hi,
> >
> > I manage the osgeo finland list with Pekka Sarkola. During the last 24
> hours
> > there has been over one hundred subscription attempts to the list from
> email
> > addresses, which are more or less obviously fake.
>
> Yes, I see them in the logs.
>
> They use some mailman hole I believe:
>
> lists_ssl_access.log:14.177.51.185 - - [24/Nov/2015:06:55:01 -0800]
> "GET /mailman/subscribe/fdo-commits?email=nnstrawberry03 at hotmail.com
> &fullname=&pw=123456789&pw-conf=123456789&language=en&digest=0&email-button=Subscribe
> HTTP/1.1" 200 1101 "http://50.87.144.16/~timvui/boom/" "Mozilla/5.0
> (Windows NT 6.1; WOW64; rv:42.0) Gecko/20100101 Firefox/42.0"
> ...
> (several thousand log entries like that).
>
> I have now tuned my fail2ban filter for that. According to
>
> tail -f /var/log/apache2/lists_ssl_access.log
> and
> tail -f /var/log/fail2ban.log
>
> it works now:
>
> 2015-11-25 00:24:25,743 fail2ban.actions[3142]: WARNING
> [apache-mailman] Ban 42.118.196.185
> 2015-11-25 00:24:25,752 fail2ban.actions[3142]: WARNING
> [apache-mailman] Ban 14.215.227.66
> 2015-11-25 00:24:25,760 fail2ban.actions[3142]: INFO
> [apache-mailman] 42.118.196.185 already banned
> 2015-11-25 00:24:26,762 fail2ban.actions[3142]: INFO
> [apache-mailman] 42.118.196.185 already banned
> ...
>
> Let me know if the mess continues. We are under some attack at time,
> also the Wiki site.
>
> Best
> Markus
>
> --
> http://consulting.neteler.org
> http://gis.cri.fmach.it/neteler/
> http://courses.neteler.org/blog
> _______________________________________________
> Sac mailing list
> Sac at lists.osgeo.org
> http://lists.osgeo.org/mailman/listinfo/sac
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.osgeo.org/pipermail/sac/attachments/20151125/77bf412a/attachment.html>
More information about the Sac
mailing list