Yes please block Tor for now, until we have a better solution
-jake
On Sat, Dec 2, 2023, 15:10 Sean Greenslade via sudo-discuss <sudo-discuss(a)sudoroom.org> wrote:
On Fri, Dec 01, 2023 at 09:19:53PM -0800, Jake via sudo-discuss wrote:
our mailing list system (postorius) is having problems... we're not sure what it is but it looks like some spammer is entering random addresses into the "join this mailing list" field and then our system is trying to email a confirmation to those addresses.
Anyone want to log in and take a look at it, try to figure out what's going on, and figure out a way to fix it? We might need to add a CAPTCHA or at least a checkbox or some sort of puzzle so that people can't just automatically enter email addresses in and have us email them.
I've been doing a bit of investigation on this. It appears that the
spammer is using Tor to make the subscription requests. I see 68
hits to the web interface subscription endpoint within the past day, and
reverse lookups reveal:
My knee-jerk reaction would be to block Tor from our mailing list web
interface, but I'd want to put that suggestion to the community first.
Note that users are able to subscribe to mailing lists by direct email
without using the web interface, so if users wish to maintain anonymity,
they still have a path.
--Sean
_______________________________________________
sudo-discuss mailing list -- sudo-discuss(a)sudoroom.org
To unsubscribe send an email to sudo-discuss-leave(a)sudoroom.org
More options at
https://sudoroom.org/lists/postorius/lists/sudo-discuss.sudoroom.org/
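
Added example, not part of the original thread and not Postorius code: a sketch of the log check described above, counting POSTs to the list-subscription endpoint per client and splitting them by membership in a Tor exit-address list instead of by reverse lookup. The access-log format, the `anonymous_subscribe` path pattern, the list name, and every address and log line are assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample data (documentation address ranges), not from the thread.
SAMPLE_EXITS = ["# exit addresses, one per line", "192.0.2.10", "2001:db8::5"]
SAMPLE_LOG = """\
192.0.2.10 - - [02/Dec/2023:10:00:01 +0000] "POST /lists/postorius/lists/example.lists.test/anonymous_subscribe HTTP/1.1" 302 0
192.0.2.10 - - [02/Dec/2023:10:00:09 +0000] "POST /lists/postorius/lists/example.lists.test/anonymous_subscribe HTTP/1.1" 302 0
2001:DB8::5 - - [02/Dec/2023:10:02:41 +0000] "POST /lists/postorius/lists/example.lists.test/anonymous_subscribe HTTP/1.1" 302 0
198.51.100.7 - - [02/Dec/2023:11:15:00 +0000] "POST /lists/postorius/lists/example.lists.test/anonymous_subscribe HTTP/1.1" 302 0
192.0.2.10 - - [02/Dec/2023:11:20:00 +0000] "GET /lists/postorius/lists/example.lists.test/ HTTP/1.1" 200 5120
truncated line without a request
"""

# Access-log prefix: client, two fields, [time], "METHOD PATH PROTO", status.
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3})')
# Assumed path shape for the web subscription form; adjust to the deployment.
SUBSCRIBE_RE = re.compile(r"/lists/[^/]+/(?:anonymous_)?subscribe/?$")

def load_exits(lines):
    """Parse an exit list (one address per line, '#' comments) into a set."""
    exits = set()
    for line in lines:
        line = line.strip()
        if line and not line.startswith("#"):
            exits.add(ipaddress.ip_address(line))
    return exits

def subscription_hits(log_text, exits):
    """Count subscription POSTs per client, split into (tor, other) Counters."""
    tor, other = Counter(), Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed lines instead of aborting the scan
        client, method, path, _status = m.groups()
        if method != "POST" or not SUBSCRIBE_RE.search(path.split("?", 1)[0]):
            continue
        try:
            addr = ipaddress.ip_address(client)  # normalizes IPv6 spelling
        except ValueError:
            continue  # client field is a hostname or garbage
        (tor if addr in exits else other)[str(addr)] += 1
    return tor, other

if __name__ == "__main__":
    tor, other = subscription_hits(SAMPLE_LOG, load_exits(SAMPLE_EXITS))
    print("via Tor exits:", dict(tor))
    print("other sources:", dict(other))
```

A high Tor share with little other traffic on this endpoint supports blocking exits at the web form only, leaving subscription by email untouched.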