Re: [Mailman-Users] Limiting number of failed login attempts

2015-10-05 Thread Adam McGreggor
On Tue, Oct 06, 2015 at 12:07:25AM +0900, Stephen J. Turnbull wrote:
> Perhaps a per-user login attempt limit would work for you. Each
> (ab)user is different. But I don't think it's a good idea for a
> supported feature of Mailman, it's too fragile and it would be an
> invitation to an endless s

Re: [Mailman-Users] Limiting number of failed login attempts

2015-10-05 Thread Stephen J. Turnbull
Aditya Jain writes:
> If I block a particular IP address because some disgruntled person
> from the organization is trying to brute force, it will block
> access for other legitimate users from that organization (because
> they have only one IP dedicated to browsing traffic).

This is a social

Re: [Mailman-Users] Limiting number of failed login attempts

2015-10-05 Thread Aditya Jain
Hi,

On Monday 05 October 2015 04:19 PM, Laura Creighton wrote:
> I think that Aditya Jain's problem is that he (she?)

He :)

> doesn't understand that fail2ban takes a look at where the attackers
> are coming from and bans _their_ Host from connecting. He thought
> it worked by making his host un

Re: [Mailman-Users] Limiting number of failed login attempts

2015-10-05 Thread Laura Creighton
I think that Aditya Jain's problem is that he (she?) doesn't understand that fail2ban takes a look at where the attackers are coming from and bans _their_ Host from connecting. He thought it worked by making his host unconnectable, which of course will not work. But I could be wrong .. Laura ---

Re: [Mailman-Users] Limiting number of failed login attempts

2015-10-05 Thread Adam McGreggor
On Sun, Oct 04, 2015 at 11:43:55AM +0530, Aditya Jain wrote:
> On Sunday 04 October 2015 07:28 AM, Mark Sapiro wrote:
> > fail2ban runs on (in this case) the machine on which Mailman's web
> > interface runs. It monitors the web server logs and looks for (in this
> > case) a minimum number of 401 e

Re: [Mailman-Users] Limiting number of failed login attempts

2015-10-03 Thread Aditya Jain
Hi,

Thanks for pointing me to the manual.

On Sunday 04 October 2015 07:28 AM, Mark Sapiro wrote:
> I'm not sure if you understand fail2ban. See
> .
>
> fail2ban runs on (in this case) the machine on which Mailman's web
> interface runs. It monitor

Re: [Mailman-Users] Limiting number of failed login attempts

2015-10-03 Thread Mark Sapiro
On 10/3/15 11:51 AM, Aditya Jain wrote:
>
> Thanks! At the moment I don't have a separate IP for mailman. Therefore
> I cannot use fail2ban. But hopefully, a really long password should be
> enough to discourage a simple brute force.

I'm not sure if you understand fail2ban. See

Re: [Mailman-Users] Limiting number of failed login attempts

2015-10-03 Thread Aditya Jain
Hi,

Thanks! At the moment I don't have a separate IP for mailman. Therefore I cannot use fail2ban. But hopefully, a really long password should be enough to discourage a simple brute force.

Thanks & Regards
Aditya Jain

On Saturday 03 October 2015 06:44 PM, Mark Sapiro wrote:
> On 10/2/15 3:00 PM

Re: [Mailman-Users] Limiting number of failed login attempts

2015-10-03 Thread Mark Sapiro
On 10/2/15 3:00 PM, Aditya Jain wrote:
>
> Is there a way in which I can limit the number of failed login attempts
> to the archive to prevent a brute force attempt?

In recent Mailman, both the private CGI and the options CGI return a 401 Unauthorized status for a failed login. This makes it eas

[Mailman-Users] Limiting number of failed login attempts

2015-10-03 Thread Aditya Jain
Hi All,

Greetings for the day! I am currently using the mailman package from the Debian repository. I use mailman for a number of private mailing lists. The archives of these mailing lists are also private. Most of the members of these mailing lists do not change their default mailman passwords, which in