18 Dec
2022
7:37 p.m.
So the list's server accepts unauthenticated commands from any IP address and forwards them to the D.O.S. target. This 'feature' of the server doesn't have any legitimate purpose, since people who want to subscribe/unsubscribe/etc. should send the commands using their email address, not an unauthenticated 'web' interface. At the very least the web interface should ban Tor and have some kind of rate limiting instead of mindlessly forwarding 1000s of messages to one address.
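The rate-limiting point in the message above, as an added example that is not part of the original post or of any list server's code: it compares a throttle keyed on the requesting IP with one keyed on the address that would receive the mail. The request fields (`ts`, `src_ip`, `target`), the limit of 3 mails per hour, and the sample traffic are all assumptions constructed for illustration.

```python
from collections import defaultdict, deque


class SlidingWindowLimiter:
    """Allow at most `limit` events per `window` seconds for each key."""

    def __init__(self, limit, window):
        self.limit = limit
        self.window = window
        self._events = defaultdict(deque)

    def allow(self, key, now):
        q = self._events[key]
        # Drop timestamps that have aged out of the window.
        while q and now - q[0] >= self.window:
            q.popleft()
        if len(q) >= self.limit:
            return False
        q.append(now)
        return True


def recipient_key(request):
    # Case-fold so one mailbox is not counted under several keys
    # just because the requests vary the capitalisation.
    return request["target"].strip().lower()


def source_key(request):
    return request["src_ip"]


def forwarded_count(requests, key_fn, limit=3, window=3600):
    """How many of `requests` would still result in a mail being sent."""
    limiter = SlidingWindowLimiter(limit, window)
    return sum(1 for r in requests if limiter.allow(key_fn(r), r["ts"]))


def constructed_flood(n=1000):
    # Constructed sample: n unauthenticated web requests in ~8 minutes,
    # every one from a different source address, all naming one mailbox.
    return [
        {"ts": i * 0.5,
         "src_ip": f"2001:db8::{i:x}",  # documentation prefix, made up
         "target": "Victim@example.org" if i % 2 else "victim@example.org"}
        for i in range(n)
    ]
```

With the constructed flood, the per-source throttle forwards all 1000 messages because no source repeats, while the per-recipient throttle forwards 3.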