Skip to Content.
Sympa Menu

en - Re: [sympa-users] Spammer harvesting the /sympa/lists page (follow-up)

Subject: The mailing list for listmasters using Sympa

List archive

Re: [sympa-users] Spammer harvesting the /sympa/lists page (follow-up)

Chronological Thread  
    < Chronological >       < Thread >
  • From: "Eric G. Wolfe" <address@concealed>
  • To: "address@concealed" <address@concealed>
  • Cc: Eddy Beliveau <address@concealed>
  • Subject: Re: [sympa-users] Spammer harvesting the /sympa/lists page (follow-up)
  • Date: Tue, 15 Dec 2009 15:40:33 -0500
Eddy, another user on the Sympa Users mailing list had suggested integrating the "I am not a spammer" cookie from arc_protect.tt2 into lists.tt2. I have not quite figured out the best way to do this yet.

One thing I have done in the meantime is add a restrictive robots.txt to possibly prevent indexing. That really assumes the harvester respects the file though. You can see our robots.txt here: http://lists.marshall.edu/robots.txt

Eric G. Wolfe
Senior Linux Administrator,
IT Infrastructure Systems
--------------------------------------
Marshall University Computing Services
Drinko Library 428-K
One John Marshall Dr.
Huntington, WV 25755
Phone: 304.696.3428
Email: address@concealed

The world is full of people who have never, since childhood, met an
open doorway with an open mind.
-- E. B. White



Eddy Beliveau wrote:
-------- Message original --------
Sujet : [sympa-users] Spammer harvesting the /sympa/lists page
De : Eric G. Wolfe <address@concealed>
Pour : address@concealed <address@concealed>
Date : 2009-11-30 16:40
We are still using Sympa 5.4.7 in production at the moment. However, I noticed this same problem in the Sympa 6.0 lists.tt2 file.

Currently, the "List of lists" loops through the mailing lists and uses javascript document.write(<list name> + @ <robot name>). Recently our "List of lists" page was harvested and a Spam message went out to all the mailing lists. This message did not make it to any of the mailing lists, but was instead stopped by our gateway Spam filter.

My concern is the fact that the page was harvested. I am guessing this is because the javascript output could easily be decoded with a tiny bit of Perl and the LWP module.

I'm curious is there currently any way to protect the /lists page through obfuscation, or a cookie? Are any list masters taking measures to protect this page, from harvesting, on their production systems?

Hi! Eric,

We have the same configuration as yours and have the same concern about harvesting.

Did you get some interesting solution ?

Thanks
Eddy


  • Re: [sympa-users] Spammer harvesting the /sympa/lists page (follow-up), Eric G. Wolfe, 12/15/2009

Archive powered by MHonArc 2.6.19+.

Top of Page