[Gluster-infra] lists.gluster.org issues this weekend

Michael Scherer mscherer at redhat.com
Tue Sep 19 16:33:35 UTC 2017

Le samedi 16 septembre 2017 à 20:48 +0530, Nigel Babu a écrit :
> Hello folks,
> We have discovered that for the last few weeks our mailman server was
> used
> for a spam attack. The attacker would make use of the + feature
> offered by
> gmail and hotmail. If you send an email to example at hotmail.com,
> example+foo at hotmail.com, example+bar at hotmail.com, it goes to the same
> inbox. We were constantly hit with requests to subscribe to a few
> inboxes.
> These requests overloaded our mail server so much that it gave up. We
> detected this failure because a postmortem email to
> gluster-infra at gluster.org bounced. Any emails sent to our mailman
> server
> may have been on hold for the last 24 hours or so. They should be
> processed
> now as your email provider re-attempts.
> For the moment, we've banned subscribing with an email address with a
> + in
> the name. If you are already subscribed to the lists with a + in your
> email
> address, you will continue to be able to use the lists.
> We're looking at banning the spam IP addresses from being able to hit
> the
> web interface at all. When we have a working alternative, we will
> look at
> removing the current ban of using + in address.

So we have a alternative in place, I pushed a blacklist using
mod_security and a few DNS blacklist:

> Apologies for the outage and a big shout out to Michael for taking
> time out
> of his weekend to debug and fix the issue.

Well, you can thanks the airport in Prague for being less interesting
than a spammer attacking us.

Michael Scherer
Sysadmin, Community Infrastructure and Platform, OSAS

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: This is a digitally signed message part
URL: <http://lists.gluster.org/pipermail/gluster-infra/attachments/20170919/533a2129/attachment.sig>

More information about the Gluster-infra mailing list