[SAC] [OSGeo] #2506: mailman: unsolicited mass subscription attempts
OSGeo
trac_osgeo at osgeo.org
Mon Aug 31 12:07:32 PDT 2020
#2506: mailman: unsolicited mass subscription attempts
---------------------------+---------------------------
Reporter: neteler | Owner: sac@…
Type: task | Status: new
Priority: blocker | Milestone: Unplanned
Component: Systems Admin | Keywords: Mailing Lists
---------------------------+---------------------------
This case
https://lists.osgeo.org/pipermail/geoforall/2020-August/005734.html
and many comments to me as a list admin let me investigate the case of
apparent mass subscription attempts: many users to many OSGeo lists.
What I found out by analysing the mailman subscription logs:
This IP 198.46.202.103
{{{
nslookup 198.46.202.103
...
Non-authoritative answer:
103.202.46.198.in-addr.arpa name =
198-46-202-103-host.colocrossing.com.
}}}
tried to subscribe > 2831 (!) different email addresses to 286 OSGeo
lists:
{{{
# how many different email addresses:
grep 198.46.202.103 subscribe* | cut -d' ' -f8 | sort -u | wc -l
2831
# how many OSGeo lists used
grep 198.46.202.103 subscribe* | cut -d' ' -f6 | sort -u | wc -l
286
}}}
Hence, we see a new quality of spammers being active here who try to
subscribe email addresses they apparently have harvested somewhere to
our mailman server, like trying to subscribe one email to many OSGeo
lists. Normally nothing happens (that's why I don't understand yet the
spammer's interest in this) unless the email owner actually accepts the
confirmation email.
Question: can we block these attacks?
Maybe related to #2475
--
Ticket URL: <https://trac.osgeo.org/osgeo/ticket/2506>
OSGeo <https://osgeo.org/>
OSGeo committee and general foundation issue tracker.
More information about the Sac
mailing list