The mailing list for listmasters using Sympa

[David Ayre <address@concealed>]

Most likely that subscriber was coming from the same IP.   We use a tool called fail2ban for adding offending IP's to hosts.deny for brute force login FTP attempts, not sure if this tool could also be used to look at sympa logs and operate on those.  you may want to have a look:

http://www.fail2ban.org/wiki/index.php/Main_Page

On 2-Feb-11, at 2:02 PM, micah anderson wrote:

On Wed, 2 Feb 2011 15:26:45 -0500, Jeff Abbott <address@concealed> wrote:

Sympa community,

We've had a couple instances in the past here at Duke, where third

parties have scraped our publicly visible list of lists

(https://lists.duke.edu/sympa/lists) and then gone through and used

automated tools to attempt to subscribe themselves to each list there (a

lot of which do allow open subscription).  It's easy enough to identify

the offending address -- this past weekend, there was a Gmail address

that subscribed itself to 983 lists before it was brought to my

attention -- but it understandably causes some alarm among list owners.

Interesting, that could be pretty annoying.

I wonder if it would be worth considering a parameter that notified the
administrator if a particular address was subscribed to a certain
percentage of the lists?

That might not work out so well in installations where there are two
lists and everyone is subscribed to all of them, but it could be
configurable?

micah

David Ayre   coordinator of information applications, information technology services  |  tel 604 844 3875 

emily carr university of art + design  |  1399 Johnston Street, Vancouver  BC  V6H 3R9