[MM3-users] Re: Abusive user creation - ideas for mitigating

Andy Smith Wed, 30 Oct 2024 20:59:26 -0700

On Thu, Oct 31, 2024 at 03:30:09AM +0000, Andy Smith wrote:
> Looks like I could probably autogenerate an Apache ACL that lists all
> Tor exit nodes and bans them from posting to /mailman/accounts/signup.


$ wget -qO - 'https://www.dan.me.uk/torlist/?exit' |
    sed 's/^/Require not ip /' |
    sudo tee /etc/apache2/tor-exit-list.conf >/dev/null

    # Block access to the signup form from Tor exit nodes.
    <Location /mailman/accounts/signup>
        <RequireAll>
            Require all granted
            Include /etc/apache2/tor-exit-list.conf
        </RequireAll>
    </Location>

Haven't worked out how to restrict it to POST method only yet, and
updating the list robustly is a job for tomorrow…

Thanks,
Andy
_______________________________________________
Mailman-users mailing list -- mailman-users@mailman3.org
To unsubscribe send an email to mailman-users-le...@mailman3.org
https://lists.mailman3.org/mailman3/lists/mailman-users.mailman3.org/
Archived at: 
https://lists.mailman3.org/archives/list/mailman-users@mailman3.org/message/WKNSSGJCXTRHOOJM7HAXXXX4JAZKOTZT/

This message sent to arch...@mail-archive.com

[MM3-users] Re: Abusive user creation - ideas for mitigating

Reply via email to