Skip to Content.
Sympa Menu

en - Re: [sympa-users] Spammer harvesting the /sympa/lists page

Subject: The mailing list for listmasters using Sympa

List archive

Chronological Thread  
  • From: David Verdin <address@concealed>
  • To: "Eric G. Wolfe" <address@concealed>
  • Cc: "address@concealed" <address@concealed>
  • Subject: Re: [sympa-users] Spammer harvesting the /sympa/lists page
  • Date: Fri, 11 Dec 2009 11:07:57 +0100

Hi,

What we do here is using the "visibility" parameter to simply hide the list from the list of lists page.
Maybe we could add - optionnaly - an "I am not a spammer" form as a gate to this page.

Cheers,

David

Eric G. Wolfe a écrit :
We are still using Sympa 5.4.7 in production at the moment. However, I noticed this same problem in the Sympa 6.0 lists.tt2 file.

Currently, the "List of lists" loops through the mailing lists and uses javascript document.write(<list name> + @ <robot name>). Recently our "List of lists" page was harvested and a Spam message went out to all the mailing lists. This message did not make it to any of the mailing lists, but was instead stopped by our gateway Spam filter.

My concern is the fact that the page was harvested. I am guessing this is because the javascript output could easily be decoded with a tiny bit of Perl and the LWP module.

I'm curious is there currently any way to protect the /lists page through obfuscation, or a cookie? Are any list masters taking measures to protect this page, from harvesting, on their production systems?


--
David Verdin
Comité réseau des universités



  • Re: [sympa-users] Spammer harvesting the /sympa/lists page, David Verdin, 12/11/2009

Archive powered by MHonArc 2.6.19+.

Top of Page