Hi All,
Many of you would have noticed that now we have started getting additional subscriptions from email addresses with yahoo.com domain, while aol.com continues.
I would like to know and propose whether it is possible to suspend subscription to all wikimedia mailing lists, or at least those affected by this swathe. I would prefer subscriptions suspended to my mailing list instead of getting these 100s of dodgy subscription as there is a high possibility of us missing genuine subscription request among these several hundred spam ones.
Regards, Dhaval Vyas
On 5/10/18 5:29 PM, Dhaval S. Vyas wrote:
Hi All,
Many of you would have noticed that now we have started getting additional subscriptions from email addresses with yahoo.com http://yahoo.com domain, while aol.com http://aol.com continues.
I would like to know and propose whether it is possible to suspend subscription to all wikimedia mailing lists, or at least those affected by this swathe.
I'd support this, as long as some sort of feedback is provided during the blocked subscription attempts. As you say, I'm very worried that I'm overlooking legitimate subscription requests to the lists I administrate because they're lost in the chaff of this attack.
I would prefer subscriptions suspended to my mailing list instead of getting these 100s of dodgy subscription as there is a high possibility of us missing genuine subscription request among these several hundred spam ones.
Regards, Dhaval Vyas
Listadmins mailing list Listadmins@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/listadmins
Me too.
Le jeu. 10 mai 2018 22:32, Andrew Bogott abogott@wikimedia.org a écrit :
On 5/10/18 5:29 PM, Dhaval S. Vyas wrote:
Hi All,
Many of you would have noticed that now we have started getting additional subscriptions from email addresses with yahoo.com domain, while aol.com continues.
I would like to know and propose whether it is possible to suspend subscription to all wikimedia mailing lists, or at least those affected by this swathe.
I'd support this, as long as some sort of feedback is provided during the blocked subscription attempts. As you say, I'm very worried that I'm overlooking legitimate subscription requests to the lists I administrate because they're lost in the chaff of this attack.
I would prefer subscriptions suspended to my mailing list instead of getting these 100s of dodgy subscription as there is a high possibility of us missing genuine subscription request among these several hundred spam ones.
Regards, Dhaval Vyas
Listadmins mailing listListadmins@lists.wikimedia.orghttps://lists.wikimedia.org/mailman/listinfo/listadmins
Listadmins mailing list Listadmins@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/listadmins
I can't speak for doing it globally but on your own lists you can go to the Subscription rules (under privacy options) and add "^.*$" (no quotes, this bans "everything") to a new line under List of addresses which are banned from membership in this mailing list (the 'ban_list'). It will also ban you from adding people manually but you can temporarily remove it and add back. I've done this on a couple lists I moderate which didn't generally accept new subscriptions anyway atm and has stopped the spam.
*James Alexander* Manager, Trust & Safety Wikimedia Foundation
On Thu, May 10, 2018 at 3:40 PM Kangah Donatien KOFFI < donatien.kanga@gmail.com> wrote:
Me too.
Le jeu. 10 mai 2018 22:32, Andrew Bogott abogott@wikimedia.org a écrit :
On 5/10/18 5:29 PM, Dhaval S. Vyas wrote:
Hi All,
Many of you would have noticed that now we have started getting additional subscriptions from email addresses with yahoo.com domain, while aol.com continues.
I would like to know and propose whether it is possible to suspend subscription to all wikimedia mailing lists, or at least those affected by this swathe.
I'd support this, as long as some sort of feedback is provided during the blocked subscription attempts. As you say, I'm very worried that I'm overlooking legitimate subscription requests to the lists I administrate because they're lost in the chaff of this attack.
I would prefer subscriptions suspended to my mailing list instead of getting these 100s of dodgy subscription as there is a high possibility of us missing genuine subscription request among these several hundred spam ones.
Regards, Dhaval Vyas
Listadmins mailing listListadmins@lists.wikimedia.orghttps://lists.wikimedia.org/mailman/listinfo/listadmins
Listadmins mailing list Listadmins@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/listadmins
Listadmins mailing list Listadmins@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/listadmins
Hello.
Am 11.05.18 um 00:47 schrieb James Alexander:
I can't speak for doing it globally but on your own lists you can go to the Subscription rules (under privacy options) and add "^.*$" (no quotes, this bans "everything") to a new line under List of addresses which are banned from membership in this mailing list (the 'ban_list'). It will also ban you from adding people manually but you can temporarily remove it and add back. I've done this on a couple lists I moderate which didn't generally accept new subscriptions anyway atm and has stopped the spam.
That doesn't work for "my" lists, there are still subscriptions, and as I deleted more than 500 pending requests manually today, I again kindly request any global solution. Please!
The regex isn't working for me either. @Leon Liesener: what exactly should I remove in the HTML interface?
I'm afraid I will remove too much...
Trijnstel ________________________________ Van: Listadmins listadmins-bounces@lists.wikimedia.org namens Patrick Rother krd@gulu.net Verzonden: vrijdag 11 mei 2018 19:35 Aan: listadmins@lists.wikimedia.org Onderwerp: Re: [List admins] aol.com continues, yahoo.com started
Hello.
Am 11.05.18 um 00:47 schrieb James Alexander:
I can't speak for doing it globally but on your own lists you can go to the Subscription rules (under privacy options) and add "^.*$" (no quotes, this bans "everything") to a new line under List of addresses which are banned from membership in this mailing list (the 'ban_list'). It will also ban you from adding people manually but you can temporarily remove it and add back. I've done this on a couple lists I moderate which didn't generally accept new subscriptions anyway atm and has stopped the spam.
That doesn't work for "my" lists, there are still subscriptions, and as I deleted more than 500 pending requests manually today, I again kindly request any global solution. Please!
_______________________________________________ Listadmins mailing list Listadmins@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/listadmins
That depends. In case you have the default page design the code snippet should look like
<div class="box-content" id="subscribe"> <h3 class="title title01">Subscribe</h3> <MM-Subscribe-Form-Start> <table> <tr><td>Your e-mail address:</td><td><MM-Subscribe-Box></td></tr> <tr><td>Your name (optional):</td><td><mm-fullname-box></td></tr> <!-- Optional Password Fields (can leave out for public lists as Mailman auto-generates) --> <!-- Password reminders can always be requested through web interface --> <!-- Most likely only to be used with lists with private archives or subscription lists --> <!-- <tr><td>Password:</td><td><MM-New-Password-Box></td></tr> --> <!-- <tr><td>Confirm Password:</td><td><MM-Confirm-Password></td></tr> --> <!-- Part of the multilingual selector below --> <tr><td>Preferred language:</td><td><MM-list-langs></td></tr> </table> <p><MM-Reminder></p> <p><mm-digest-question-start> Would you like to receive list mail batched in a daily digest? <MM-Undigest-Radio-Button> No <MM-Digest-Radio-Button> Yes <mm-digest-question-end></p> <!-- MM-List-Subscription-Msg gives extra details about the subscription rules of the list --> <!-- This is optional, and will include variations between subscription rules (confirm vs confirm and approve) --> <!-- On the majority of lists this can be commented out as subscription rules will simply be confirm --> <MM-List-Subscription-Msg> <p style="text-align: center"><MM-Subscribe-Button><MM-Form-End></p> </div>
which would remove the entire "Subscribe" section, including the subscription form.
Regards, Leon
Am 11.05.2018 um 20:25 schrieb Trijnstel wp trijnstel@hotmail.com:
The regex isn't working for me either. @Leon Liesener: what exactly should I remove in the HTML interface?
I'm afraid I will remove too much...
Trijnstel
Van: Listadmins listadmins-bounces@lists.wikimedia.org namens Patrick Rother krd@gulu.net Verzonden: vrijdag 11 mei 2018 19:35 Aan: listadmins@lists.wikimedia.org Onderwerp: Re: [List admins] aol.com continues, yahoo.com started
Hello.
Am 11.05.18 um 00:47 schrieb James Alexander:
I can't speak for doing it globally but on your own lists you can go to the Subscription rules (under privacy options) and add "^.*$" (no quotes, this bans "everything") to a new line under List of addresses which are banned from membership in this mailing list (the 'ban_list'). It will also ban you from adding people manually but you can temporarily remove it and add back. I've done this on a couple lists I moderate which didn't generally accept new subscriptions anyway atm and has stopped the spam.
That doesn't work for "my" lists, there are still subscriptions, and as I deleted more than 500 pending requests manually today, I again kindly request any global solution. Please!
Listadmins mailing list Listadmins@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/listadmins _______________________________________________ Listadmins mailing list Listadmins@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/listadmins
I tried commenting out the subscription form for volunteer-supporters [1], as Leon suggested, yet I'm still getting some subscription requests. How are these bots sending through their requests?
Also, as someone mentioned in another email, the regex "^.*$" is for subscription, but not for *subscription requests*
Has anyone had luck with any other method?
[1]: https://lists.wikimedia.org/mailman/listinfo/volunteer-supporters
On Fri, May 11, 2018 at 2:17 PM, Leon Liesener leon.liesener@wikipedia.de wrote:
That depends. In case you have the default page design the code snippet should look like
<div class="box-content" id="subscribe"> <h3 class="title title01">Subscribe</h3> <MM-Subscribe-Form-Start> <table> <tr><td>Your e-mail address:</td><td><MM-
Subscribe-Box></td></tr> <tr><td>Your name (optional):</td><td><mm- fullname-box></td></tr> <!-- Optional Password Fields (can leave out for public lists as Mailman auto-generates) --> <!-- Password reminders can always be requested through web interface --> <!-- Most likely only to be used with lists with private archives or subscription lists --> <!-- <tr><td>Password:</td><td><MM-New-Password-Box></td></tr> --> <!-- <tr><td>Confirm Password:</td><td><MM-Confirm-Password></td></tr> --> <!-- Part of the multilingual selector below --> <tr><td>Preferred language:</td><td><MM-list-langs></td></tr> </table> <p><MM-Reminder></p> <p><mm-digest-question-start> Would you like to receive list mail batched in a daily digest? <MM-Undigest-Radio-Button> No <MM-Digest-Radio-Button> Yes <mm-digest-question-end></p> <!-- MM-List-Subscription-Msg gives extra details about the subscription rules of the list --> <!-- This is optional, and will include variations between subscription rules (confirm vs confirm and approve) --> <!-- On the majority of lists this can be commented out as subscription rules will simply be confirm --> <MM-List-Subscription-Msg> <p style="text-align: center"><MM-Subscribe-Button>< MM-Form-End></p> </div>
which would remove the entire "Subscribe" section, including the subscription form.
Regards, Leon
Am 11.05.2018 um 20:25 schrieb Trijnstel wp trijnstel@hotmail.com:
The regex isn't working for me either. @Leon Liesener: what exactly should I remove in the HTML interface?
I'm afraid I will remove too much...
Trijnstel
*Van:* Listadmins listadmins-bounces@lists.wikimedia.org namens Patrick Rother krd@gulu.net *Verzonden:* vrijdag 11 mei 2018 19:35 *Aan:* listadmins@lists.wikimedia.org *Onderwerp:* Re: [List admins] aol.com continues, yahoo.com started
Hello.
Am 11.05.18 um 00:47 schrieb James Alexander:
I can't speak for doing it globally but on your own lists you can go to the Subscription rules (under privacy options) and add "^.*$" (no quotes, this bans "everything") to a new line under List of addresses which are banned from membership in this mailing list (the 'ban_list'). It will also ban you from adding people manually but you can temporarily remove it and add back. I've done this on a couple lists I moderate which didn't generally accept new subscriptions anyway atm and has stopped the spam.
That doesn't work for "my" lists, there are still subscriptions, and as I deleted more than 500 pending requests manually today, I again kindly request any global solution. Please!
Listadmins mailing list Listadmins@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/listadmins
Listadmins mailing list Listadmins@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/listadmins
Listadmins mailing list Listadmins@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/listadmins
Has any of the sysadmins done an investigation on the source of these subscriptions? Is is a few specific IPs?
Mailman can be patched to support reCAPTCHA[1] so maybe we should consider using that?
While the issue of multiple subscriptions is seen as an annoyance right now, it indeed signifies a higher underlying issue: mailman (at least in the way it is configured for WMF lists) does not prevent this kind of abuse.
[1] https://www.dragonsreach.it/2014/05/03/adding-recaptcha-support-to-mailman/
On Fri, May 11, 2018 at 8:10 PM, Andy Cruz y Corro andycyca@gmail.com wrote:
I tried commenting out the subscription form for volunteer-supporters [1], as Leon suggested, yet I'm still getting some subscription requests. How are these bots sending through their requests?
Also, as someone mentioned in another email, the regex "^.*$" is for subscription, but not for *subscription requests*
Has anyone had luck with any other method?
On Fri, May 11, 2018 at 2:17 PM, Leon Liesener <leon.liesener@wikipedia.de
wrote:
That depends. In case you have the default page design the code snippet should look like
<div class="box-content" id="subscribe"> <h3 class="title title01">Subscribe</h3> <MM-Subscribe-Form-Start> <table> <tr><td>Your e-mail address:</td><td><MM-Subscribe
-Box></td></tr> <tr><td>Your name (optional):</td><td><mm-fullna me-box></td></tr> <!-- Optional Password Fields (can leave out for public lists as Mailman auto-generates) --> <!-- Password reminders can always be requested through web interface --> <!-- Most likely only to be used with lists with private archives or subscription lists --> <!-- <tr><td>Password:</td><td><MM-New-Password-Box></td></tr> --> <!-- <tr><td>Confirm Password:</td><td><MM-Confirm-Password></td></tr> --> <!-- Part of the multilingual selector below --> <tr><td>Preferred language:</td><td><MM-list-langs></td></tr> </table> <p><MM-Reminder></p> <p><mm-digest-question-start> Would you like to receive list mail batched in a daily digest? <MM-Undigest-Radio-Button> No <MM-Digest-Radio-Button> Yes <mm-digest-question-end></p> <!-- MM-List-Subscription-Msg gives extra details about the subscription rules of the list --> <!-- This is optional, and will include variations between subscription rules (confirm vs confirm and approve) --> <!-- On the majority of lists this can be commented out as subscription rules will simply be confirm --> <MM-List-Subscription-Msg> <p style="text-align: center"><MM-Subscribe-Button>< MM-Form-End></p> </div>
which would remove the entire "Subscribe" section, including the subscription form.
Regards, Leon
Am 11.05.2018 um 20:25 schrieb Trijnstel wp trijnstel@hotmail.com:
The regex isn't working for me either. @Leon Liesener: what exactly should I remove in the HTML interface?
I'm afraid I will remove too much...
Trijnstel
*Van:* Listadmins listadmins-bounces@lists.wikimedia.org namens Patrick Rother krd@gulu.net *Verzonden:* vrijdag 11 mei 2018 19:35 *Aan:* listadmins@lists.wikimedia.org *Onderwerp:* Re: [List admins] aol.com continues, yahoo.com started
Hello.
Am 11.05.18 um 00:47 schrieb James Alexander:
I can't speak for doing it globally but on your own lists you can go to the Subscription rules (under privacy options) and add "^.*$" (no quotes, this bans "everything") to a new line under List of addresses which are banned from membership in this mailing list (the 'ban_list'). It will also ban you from adding people manually but you can temporarily remove it and add back. I've done this on a couple lists I moderate which didn't generally accept new subscriptions anyway atm and has stopped the spam.
That doesn't work for "my" lists, there are still subscriptions, and as I deleted more than 500 pending requests manually today, I again kindly request any global solution. Please!
Listadmins mailing list Listadmins@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/listadmins
Listadmins mailing list Listadmins@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/listadmins
Listadmins mailing list Listadmins@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/listadmins
--
https://about.me/andycyca?promo=email_sig&utm_source=product&utm_medium=email_sig&utm_campaign=gmail_api Andrés C y C about.me/andycyca https://about.me/andycyca?promo=email_sig&utm_source=product&utm_medium=email_sig&utm_campaign=gmail_api
Listadmins mailing list Listadmins@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/listadmins
There seems to be a second subscription method which involves a -request suffix. Google suggested the following solution: https://is.richmond.edu/email/mail-lists/block-requests.html TL;DR: an "Auto-response" for subscrition requests can be set up by setting "autorespond_requests" to "Yes, w/ discard". "autorespond_requests_text" allows to configure a text which is being sent to the subscriber as part of the auto-response. Perhaps this helps.
Regards, Leon
Am 12.05.2018 um 02:10 schrieb Andy Cruz y Corro andycyca@gmail.com:
I tried commenting out the subscription form for volunteer-supporters [1], as Leon suggested, yet I'm still getting some subscription requests. How are these bots sending through their requests?
Also, as someone mentioned in another email, the regex "^.*$" is for subscription, but not for *subscription requests*
Has anyone had luck with any other method?
On Fri, May 11, 2018 at 2:17 PM, Leon Liesener leon.liesener@wikipedia.de wrote: That depends. In case you have the default page design the code snippet should look like
<div class="box-content" id="subscribe"> <h3 class="title title01">Subscribe</h3> <MM-Subscribe-Form-Start> <table> <tr><td>Your e-mail address:</td><td><MM-Subscribe-Box></td></tr> <tr><td>Your name (optional):</td><td><mm-fullname-box></td></tr> <!-- Optional Password Fields (can leave out for public lists as Mailman auto-generates) --> <!-- Password reminders can always be requested through web interface --> <!-- Most likely only to be used with lists with private archives or subscription lists --> <!-- <tr><td>Password:</td><td><MM-New-Password-Box></td></tr> --> <!-- <tr><td>Confirm Password:</td><td><MM-Confirm-Password></td></tr> --> <!-- Part of the multilingual selector below --> <tr><td>Preferred language:</td><td><MM-list-langs></td></tr> </table> <p><MM-Reminder></p> <p><mm-digest-question-start> Would you like to receive list mail batched in a daily digest? <MM-Undigest-Radio-Button> No <MM-Digest-Radio-Button> Yes <mm-digest-question-end></p> <!-- MM-List-Subscription-Msg gives extra details about the subscription rules of the list --> <!-- This is optional, and will include variations between subscription rules (confirm vs confirm and approve) --> <!-- On the majority of lists this can be commented out as subscription rules will simply be confirm --> <MM-List-Subscription-Msg> <p style="text-align: center"><MM-Subscribe-Button><MM-Form-End></p> </div>
which would remove the entire "Subscribe" section, including the subscription form.
Regards, Leon
Am 11.05.2018 um 20:25 schrieb Trijnstel wp trijnstel@hotmail.com:
The regex isn't working for me either. @Leon Liesener: what exactly should I remove in the HTML interface?
I'm afraid I will remove too much...
Trijnstel
Van: Listadmins listadmins-bounces@lists.wikimedia.org namens Patrick Rother krd@gulu.net Verzonden: vrijdag 11 mei 2018 19:35 Aan: listadmins@lists.wikimedia.org Onderwerp: Re: [List admins] aol.com continues, yahoo.com started
Hello.
Am 11.05.18 um 00:47 schrieb James Alexander:
I can't speak for doing it globally but on your own lists you can go to the Subscription rules (under privacy options) and add "^.*$" (no quotes, this bans "everything") to a new line under List of addresses which are banned from membership in this mailing list (the 'ban_list'). It will also ban you from adding people manually but you can temporarily remove it and add back. I've done this on a couple lists I moderate which didn't generally accept new subscriptions anyway atm and has stopped the spam.
That doesn't work for "my" lists, there are still subscriptions, and as I deleted more than 500 pending requests manually today, I again kindly request any global solution. Please!
Listadmins mailing list Listadmins@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/listadmins _______________________________________________ Listadmins mailing list Listadmins@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/listadmins
Listadmins mailing list Listadmins@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/listadmins
--
Andrés C y C about.me/andycyca _______________________________________________ Listadmins mailing list Listadmins@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/listadmins
The reCAPTCHA idea makes a lot of sense so I created https://phabricator.wikimedia.org/T194558
On Fri, May 11, 2018 at 8:30 PM, Leon Liesener leon.liesener@wikipedia.de wrote:
There seems to be a second subscription method which involves a -request suffix. Google suggested the following solution: https://is.richmond. edu/email/mail-lists/block-requests.html TL;DR: an "Auto-response" for subscrition requests can be set up by setting "autorespond_requests" to "Yes, w/ discard". "autorespond_requests_text" allows to configure a text which is being sent to the subscriber as part of the auto-response. Perhaps this helps.
Regards, Leon
Am 12.05.2018 um 02:10 schrieb Andy Cruz y Corro andycyca@gmail.com:
I tried commenting out the subscription form for volunteer-supporters [1], as Leon suggested, yet I'm still getting some subscription requests. How are these bots sending through their requests?
Also, as someone mentioned in another email, the regex "^.*$" is for subscription, but not for *subscription requests*
Has anyone had luck with any other method?
On Fri, May 11, 2018 at 2:17 PM, Leon Liesener <leon.liesener@wikipedia.de
wrote:
That depends. In case you have the default page design the code snippet should look like
<div class="box-content" id="subscribe"> <h3 class="title title01">Subscribe</h3> <MM-Subscribe-Form-Start> <table> <tr><td>Your e-mail address:</td><td><MM-Subscribe
-Box></td></tr> <tr><td>Your name (optional):</td><td><mm-fullna me-box></td></tr> <!-- Optional Password Fields (can leave out for public lists as Mailman auto-generates) --> <!-- Password reminders can always be requested through web interface --> <!-- Most likely only to be used with lists with private archives or subscription lists --> <!-- <tr><td>Password:</td><td><MM-New-Password-Box></td></tr> --> <!-- <tr><td>Confirm Password:</td><td><MM-Confirm-Password></td></tr> --> <!-- Part of the multilingual selector below --> <tr><td>Preferred language:</td><td><MM-list-langs></td></tr> </table> <p><MM-Reminder></p> <p><mm-digest-question-start> Would you like to receive list mail batched in a daily digest? <MM-Undigest-Radio-Button> No <MM-Digest-Radio-Button> Yes <mm-digest-question-end></p> <!-- MM-List-Subscription-Msg gives extra details about the subscription rules of the list --> <!-- This is optional, and will include variations between subscription rules (confirm vs confirm and approve) --> <!-- On the majority of lists this can be commented out as subscription rules will simply be confirm --> <MM-List-Subscription-Msg> <p style="text-align: center"><MM-Subscribe-Button>< MM-Form-End></p> </div>
which would remove the entire "Subscribe" section, including the subscription form.
Regards, Leon
Am 11.05.2018 um 20:25 schrieb Trijnstel wp trijnstel@hotmail.com:
The regex isn't working for me either. @Leon Liesener: what exactly should I remove in the HTML interface?
I'm afraid I will remove too much...
Trijnstel
*Van:* Listadmins listadmins-bounces@lists.wikimedia.org namens Patrick Rother krd@gulu.net *Verzonden:* vrijdag 11 mei 2018 19:35 *Aan:* listadmins@lists.wikimedia.org *Onderwerp:* Re: [List admins] aol.com continues, yahoo.com started
Hello.
Am 11.05.18 um 00:47 schrieb James Alexander:
I can't speak for doing it globally but on your own lists you can go to the Subscription rules (under privacy options) and add "^.*$" (no quotes, this bans "everything") to a new line under List of addresses which are banned from membership in this mailing list (the 'ban_list'). It will also ban you from adding people manually but you can temporarily remove it and add back. I've done this on a couple lists I moderate which didn't generally accept new subscriptions anyway atm and has stopped the spam.
That doesn't work for "my" lists, there are still subscriptions, and as I deleted more than 500 pending requests manually today, I again kindly request any global solution. Please!
Listadmins mailing list Listadmins@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/listadmins
Listadmins mailing list Listadmins@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/listadmins
Listadmins mailing list Listadmins@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/listadmins
--
https://about.me/andycyca?promo=email_sig&utm_source=product&utm_medium=email_sig&utm_campaign=gmail_api Andrés C y C about.me/andycyca https://about.me/andycyca?promo=email_sig&utm_source=product&utm_medium=email_sig&utm_campaign=gmail_api
Listadmins mailing list Listadmins@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/listadmins
Listadmins mailing list Listadmins@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/listadmins
Thank you for the suggestion, but that doesn't work either sadly.
Trijnstel
________________________________ Van: Listadmins listadmins-bounces@lists.wikimedia.org namens Leon Liesener leon.liesener@wikipedia.de Verzonden: zaterdag 12 mei 2018 02:30 Aan: List for discussions and announcements related to lists.wikimedia.org Onderwerp: Re: [List admins] aol.com continues, yahoo.com started
There seems to be a second subscription method which involves a -request suffix. Google suggested the following solution: https://is.richmond.edu/email/mail-lists/block-requests.html TL;DR: an "Auto-response" for subscrition requests can be set up by setting "autorespond_requests" to "Yes, w/ discard". "autorespond_requests_text" allows to configure a text which is being sent to the subscriber as part of the auto-response. Perhaps this helps.
Regards, Leon
Am 12.05.2018 um 02:10 schrieb Andy Cruz y Corro <andycyca@gmail.commailto:andycyca@gmail.com>:
I tried commenting out the subscription form for volunteer-supporters [1], as Leon suggested, yet I'm still getting some subscription requests. How are these bots sending through their requests?
Also, as someone mentioned in another email, the regex "^.*$" is for subscription, but not for *subscription requests*
Has anyone had luck with any other method?
[1]: https://lists.wikimedia.org/mailman/listinfo/volunteer-supporters
On Fri, May 11, 2018 at 2:17 PM, Leon Liesener <leon.liesener@wikipedia.demailto:leon.liesener@wikipedia.de> wrote: That depends. In case you have the default page design the code snippet should look like
<div class="box-content" id="subscribe"> <h3 class="title title01">Subscribe</h3> <MM-Subscribe-Form-Start> <table> <tr><td>Your e-mail address:</td><td><MM-Subscribe-Box></td></tr> <tr><td>Your name (optional):</td><td><mm-fullname-box></td></tr> <!-- Optional Password Fields (can leave out for public lists as Mailman auto-generates) --> <!-- Password reminders can always be requested through web interface --> <!-- Most likely only to be used with lists with private archives or subscription lists --> <!-- <tr><td>Password:</td><td><MM-New-Password-Box></td></tr> --> <!-- <tr><td>Confirm Password:</td><td><MM-Confirm-Password></td></tr> --> <!-- Part of the multilingual selector below --> <tr><td>Preferred language:</td><td><MM-list-langs></td></tr> </table> <p><MM-Reminder></p> <p><mm-digest-question-start> Would you like to receive list mail batched in a daily digest? <MM-Undigest-Radio-Button> No <MM-Digest-Radio-Button> Yes <mm-digest-question-end></p> <!-- MM-List-Subscription-Msg gives extra details about the subscription rules of the list --> <!-- This is optional, and will include variations between subscription rules (confirm vs confirm and approve) --> <!-- On the majority of lists this can be commented out as subscription rules will simply be confirm --> <MM-List-Subscription-Msg> <p style="text-align: center"><MM-Subscribe-Button><MM-Form-End></p> </div>
which would remove the entire "Subscribe" section, including the subscription form.
Regards, Leon
Am 11.05.2018 um 20:25 schrieb Trijnstel wp <trijnstel@hotmail.commailto:trijnstel@hotmail.com>:
The regex isn't working for me either. @Leon Liesener: what exactly should I remove in the HTML interface?
I'm afraid I will remove too much...
Trijnstel ________________________________ Van: Listadmins <listadmins-bounces@lists.wikimedia.orgmailto:listadmins-bounces@lists.wikimedia.org> namens Patrick Rother <krd@gulu.netmailto:krd@gulu.net> Verzonden: vrijdag 11 mei 2018 19:35 Aan: listadmins@lists.wikimedia.orgmailto:listadmins@lists.wikimedia.org Onderwerp: Re: [List admins] aol.comhttp://aol.com continues, yahoo.comhttp://yahoo.com started
Hello.
Am 11.05.18 um 00:47 schrieb James Alexander:
I can't speak for doing it globally but on your own lists you can go to the Subscription rules (under privacy options) and add "^.*$" (no quotes, this bans "everything") to a new line under List of addresses which are banned from membership in this mailing list (the 'ban_list'). It will also ban you from adding people manually but you can temporarily remove it and add back. I've done this on a couple lists I moderate which didn't generally accept new subscriptions anyway atm and has stopped the spam.
That doesn't work for "my" lists, there are still subscriptions, and as I deleted more than 500 pending requests manually today, I again kindly request any global solution. Please!
_______________________________________________ Listadmins mailing list Listadmins@lists.wikimedia.orgmailto:Listadmins@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/listadmins _______________________________________________ Listadmins mailing list Listadmins@lists.wikimedia.orgmailto:Listadmins@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/listadmins
_______________________________________________ Listadmins mailing list Listadmins@lists.wikimedia.orgmailto:Listadmins@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/listadmins
-- [https://thumbs.about.me/thumbnail/users/a/n/d/andycyca_emailsig.jpg?_1492482...] https://about.me/andycyca?promo=email_sig&utm_source=product&utm_medium=email_sig&utm_campaign=gmail_api Andrés C y C about.me/andycyca https://about.me/andycyca?promo=email_sig&utm_source=product&utm_medium=email_sig&utm_campaign=gmail_api _______________________________________________ Listadmins mailing list Listadmins@lists.wikimedia.orgmailto:Listadmins@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/listadmins
Hello.
On Sat, May 12, 2018 at 06:19:05PM +0000, Trijnstel wp wrote:
Thank you for the suggestion, but that doesn't work either sadly.
This is likely the most disappointing issue I encountered in the last years. Time is stolen from a lot of advanced users, and it appears nothing happens to stop that. (I cannot even view all of the mentioned bugs.)
Could anybody please summarize what measures are taken?
I'd also expect anybody to mass remove all pending subscription request, as this cannot any longer be done manually.
Thank you.
We need the mailman server codes to be amended so as to provide a mass delete option for admins as well as a masking mechanism based on email id extensions. Imho
On Sun, May 13, 2018 at 11:12 AM, Patrick Rother krd@gulu.net wrote:
Hello.
On Sat, May 12, 2018 at 06:19:05PM +0000, Trijnstel wp wrote:
Thank you for the suggestion, but that doesn't work either sadly.
This is likely the most disappointing issue I encountered in the last years. Time is stolen from a lot of advanced users, and it appears nothing happens to stop that. (I cannot even view all of the mentioned bugs.)
Could anybody please summarize what measures are taken?
I'd also expect anybody to mass remove all pending subscription request, as this cannot any longer be done manually.
Thank you.
Listadmins mailing list Listadmins@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/listadmins
Dear colleagues,
Do you continue to receive subscription requests from aol/yahoo? It seems to have stopped?
Best regards, M.
2018-05-14 20:50 GMT+02:00 Patrick Rother krd@gulu.net:
Hello.
On Sun, May 13, 2018 at 07:42:07AM +0200, Patrick Rother wrote:
Could anybody please summarize what measures are taken?
Is there any update? Which are the relevant phab tasks?
Listadmins mailing list Listadmins@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/listadmins
I do receive them, number of aol.com is almost nill, yahoo.com are very low and gmail.com are surging. Got ~30 in last 12 hours.
Regards, Dhaval
On Wed, 16 May 2018, 10:40 MA, strigiwm@gmail.com wrote:
Dear colleagues,
Do you continue to receive subscription requests from aol/yahoo? It seems to have stopped?
Best regards, M.
2018-05-14 20:50 GMT+02:00 Patrick Rother krd@gulu.net:
Hello.
On Sun, May 13, 2018 at 07:42:07AM +0200, Patrick Rother wrote:
Could anybody please summarize what measures are taken?
Is there any update? Which are the relevant phab tasks?
Listadmins mailing list Listadmins@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/listadmins
Listadmins mailing list Listadmins@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/listadmins
On Mon, 2018-05-14 at 20:50 +0200, Patrick Rother wrote:
On Sun, May 13, 2018 at 07:42:07AM +0200, Patrick Rother wrote:
Could anybody please summarize what measures are taken?
Is there any update?
https://gerrit.wikimedia.org/r/#/c/432168/ (rate limiting; enabled) https://gerrit.wikimedia.org/r/#/c/432998/ (proposed)
Which are the relevant phab tasks?
Public: https://phabricator.wikimedia.org/T194597 Private: https://phabricator.wikimedia.org/T194032
andre
They've started using @dublin.com ones, but the rate is very slow I guess thanks due to the Puppet changes we did rate-limiting the requests. If this domain is "weird" so to speak, we could ban it altogether from our servers. Best regards, M.
2018-05-16 13:51 GMT+02:00 Andre Klapper aklapper@wikimedia.org:
On Mon, 2018-05-14 at 20:50 +0200, Patrick Rother wrote:
On Sun, May 13, 2018 at 07:42:07AM +0200, Patrick Rother wrote:
Could anybody please summarize what measures are taken?
Is there any update?
https://gerrit.wikimedia.org/r/#/c/432168/ (rate limiting; enabled) https://gerrit.wikimedia.org/r/#/c/432998/ (proposed)
Which are the relevant phab tasks?
Public: https://phabricator.wikimedia.org/T194597 Private: https://phabricator.wikimedia.org/T194032
andre
Andre Klapper | Wikimedia Bugwrangler https://blogs.gnome.org/aklapper/
Listadmins mailing list Listadmins@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/listadmins
And now I'm being hit by registration spam from gmail.com addresses for a rather inactive list (50+/day.
I'm currently proposing to close and archive the list - this is unmanageable. Luckily closing is an option here, I pity the list managers that don't have the option.
Lodewijk
On Fri, May 18, 2018 at 5:40 AM, MA strigiwm@gmail.com wrote:
They've started using @dublin.com ones, but the rate is very slow I guess thanks due to the Puppet changes we did rate-limiting the requests. If this domain is "weird" so to speak, we could ban it altogether from our servers. Best regards, M.
2018-05-16 13:51 GMT+02:00 Andre Klapper aklapper@wikimedia.org:
On Mon, 2018-05-14 at 20:50 +0200, Patrick Rother wrote:
On Sun, May 13, 2018 at 07:42:07AM +0200, Patrick Rother wrote:
Could anybody please summarize what measures are taken?
Is there any update?
https://gerrit.wikimedia.org/r/#/c/432168/ (rate limiting; enabled) https://gerrit.wikimedia.org/r/#/c/432998/ (proposed)
Which are the relevant phab tasks?
Public: https://phabricator.wikimedia.org/T194597 Private: https://phabricator.wikimedia.org/T194032
andre
Andre Klapper | Wikimedia Bugwrangler https://blogs.gnome.org/aklapper/
Listadmins mailing list Listadmins@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/listadmins
Listadmins mailing list Listadmins@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/listadmins
2018-05-11 19:35 GMT+02:00 Patrick Rother krd@gulu.net:
That doesn't work for "my" lists, there are still subscriptions, and as I deleted more than 500 pending requests manually today, I again kindly request any global solution. Please!
Ditto, wiki-IT just had ~120/140 requests in the last 18 hours...
I think we should take drastic measures at a global level for a couple of days, of course asking WMF permission and communicating that we're doing it because of an ongoing attack.
I suppose you could remove the subscription form via "edit HTML" in the admin interface. I am not sure if there are other ways to subscribe, but at least on the list I manage the spam seems to have stopped after I have done this.
Regards, Leon
Am 11.05.2018 um 00:29 schrieb Dhaval S. Vyas dsvyas@gmail.com:
Hi All,
Many of you would have noticed that now we have started getting additional subscriptions from email addresses with yahoo.com domain, while aol.com continues.
I would like to know and propose whether it is possible to suspend subscription to all wikimedia mailing lists, or at least those affected by this swathe. I would prefer subscriptions suspended to my mailing list instead of getting these 100s of dodgy subscription as there is a high possibility of us missing genuine subscription request among these several hundred spam ones.
Regards, Dhaval Vyas _______________________________________________ Listadmins mailing list Listadmins@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/listadmins
On Fri, May 11, 2018 at 12:30 AM Dhaval S. Vyas dsvyas@gmail.com wrote:
Many of you would have noticed that now we have started getting additional subscriptions from email addresses with yahoo.com domain, while aol.com continues.
I have also seen suspicious-looking google.com adresses (same account multiple times with garbage added after the + mark), might be coincidence though.
I haven't seen any spam in the last 2-3 hours since setting a subscription filter for aol+yahoo (note that some of the existing filter rules might be invalid, in which case mailman will refuse to save any changes to the filter and the error message about that is microscopic), and that's a less disruptive solution than disabling subscription altogether.
Hello,
Is this config https://phabricator.wikimedia.org/source/operations-puppet/browse/production/modules/mailman/files/mm_cfg.py;672819ce64d54b9a5b214beccf68b0e5afc282bb$136 affecting this spamming campaign or is it unrelated?
Thanks, M.
2018-05-11 15:13 GMT+02:00 Gergo Tisza gtisza@wikimedia.org:
On Fri, May 11, 2018 at 12:30 AM Dhaval S. Vyas dsvyas@gmail.com wrote:
Many of you would have noticed that now we have started getting additional subscriptions from email addresses with yahoo.com domain, while aol.com continues.
I have also seen suspicious-looking google.com adresses (same account multiple times with garbage added after the + mark), might be coincidence though.
I haven't seen any spam in the last 2-3 hours since setting a subscription filter for aol+yahoo (note that some of the existing filter rules might be invalid, in which case mailman will refuse to save any changes to the filter and the error message about that is microscopic), and that's a less disruptive solution than disabling subscription altogether.
Listadmins mailing list Listadmins@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/listadmins
Sow... how to ban the yahoo addresses? Cause a complete ban isn't optimal for us, I'd rather have a specific ban.
Vriendelijke groet, Ciell
2018-05-11 15:59 GMT+02:00 MA strigiwm@gmail.com:
Hello,
Is this config https://phabricator.wikimedia.org/source/operations-puppet/browse/production/modules/mailman/files/mm_cfg.py;672819ce64d54b9a5b214beccf68b0e5afc282bb$136 affecting this spamming campaign or is it unrelated?
Thanks, M.
2018-05-11 15:13 GMT+02:00 Gergo Tisza gtisza@wikimedia.org:
On Fri, May 11, 2018 at 12:30 AM Dhaval S. Vyas dsvyas@gmail.com wrote:
Many of you would have noticed that now we have started getting additional subscriptions from email addresses with yahoo.com domain, while aol.com continues.
I have also seen suspicious-looking google.com adresses (same account multiple times with garbage added after the + mark), might be coincidence though.
I haven't seen any spam in the last 2-3 hours since setting a subscription filter for aol+yahoo (note that some of the existing filter rules might be invalid, in which case mailman will refuse to save any changes to the filter and the error message about that is microscopic), and that's a less disruptive solution than disabling subscription altogether.
Listadmins mailing list Listadmins@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/listadmins
Listadmins mailing list Listadmins@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/listadmins
listadmins@lists.wikimedia.org