Skip to content

Disable posting to /subscription/form when public subscription form is disabled #2530

New issue
New issue
Closed
Closed
Disable posting to /subscription/form when public subscription form is disabled#2530
Assignees
knadh
Labels
questionFurther information is requested
@errolt

Description

@errolt
errolt
opened on Jun 16, 2025

Hi all,

I'm under bot attack.

I have disabled the public subscription page, but I still get POST requests sent to /subscription/form which results in my server sending dozens of optin emails, all to the same email address. Then the next attack is to another email address.

How do I disable POST to /subscription/form, other than disabling the public subscription page, which is already done?

I'm using the API /api/subscribers to add subscriptions to my lists

Thank you,
Errol

Edit:
This is from my proxy logs:

204.8.96.177 | [200] POST /subscription/form HTTP/1.1 from https://list.aaa.com/subscription/form [bytes sent : 1533]
204.8.96.177 | [200] POST /subscription/form HTTP/1.1 from https://list.aaa.com/subscription/form [bytes sent : 1533]
204.8.96.177 | [200] POST /subscription/form HTTP/1.1 from https://list.aaa.com/subscription/form [bytes sent : 1533]
204.8.96.177 | [200] POST /subscription/form HTTP/1.1 from https://list.aaa.com/subscription/form [bytes sent : 1533]
204.8.96.177 | [200] POST /subscription/form HTTP/1.1 from https://list.aaa.com/subscription/form [bytes sent : 1533]
204.8.96.177 | [200] POST /subscription/form HTTP/1.1 from https://list.aaa.com/subscription/form [bytes sent : 1533]
204.8.96.177 | [200] POST /subscription/form HTTP/1.1 from https://list.aaa.com/subscription/form [bytes sent : 1533]
204.8.96.177 | [200] POST /subscription/form HTTP/1.1 from https://list.aaa.com/subscription/form [bytes sent : 1533]
204.8.96.177 | [200] POST /subscription/form HTTP/1.1 from https://list.aaa.com/subscription/form [bytes sent : 1533]
204.8.96.177 | [200] POST /subscription/form HTTP/1.1 from https://list.aaa.com/subscription/form [bytes sent : 1533]
204.8.96.177 | [200] POST /subscription/form HTTP/1.1 from https://list.aaa.com/subscription/form [bytes sent : 1533]
204.8.96.177 | [200] POST /subscription/form HTTP/1.1 from https://list.aaa.com/subscription/form [bytes sent : 1533]
204.8.96.177 | [200] POST /subscription/form HTTP/1.1 from https://list.aaa.com/subscription/form [bytes sent : 1533]
204.8.96.177 | [200] POST /subscription/form HTTP/1.1 from https://list.aaa.com/subscription/form [bytes sent : 1533]
204.8.96.177 | [200] POST /subscription/form HTTP/1.1 from https://list.aaa.com/subscription/form [bytes sent : 1533]
204.8.96.177 | [200] POST /subscription/form HTTP/1.1 from https://list.aaa.com/subscription/form [bytes sent : 1533]
204.8.96.177 | [200] POST /subscription/form HTTP/1.1 from https://list.aaa.com/subscription/form [bytes sent : 1533]

Site name changed to prevent further bot spam

Why does this endpoint allow subscribing multiple times(as my email server sends an optin email for every one of those calls) when the api endpoint tells you "already subscribed" when you try to subscribe again?

Metadata

Metadata

Assignees

Labels

questionFurther information is requested

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions