On 10/2/15 3:00 PM, Aditya Jain wrote:
>
> Is there a way in which I can limit the number of failed login attempts
> to the archive to prevent a brute force attempt?

In recent Mailman, both the private CGI and the options CGI return a 401 Unauthorized status for a failed login. This makes it easy to use something like fail2ban to block an IP after a number of failed attempts.

Also, you can generate more secure passwords by setting USER_FRIENDLY_PASSWORDS = No in mm_cfg.py, and you can make them longer by setting MEMBER_PASSWORD_LENGTH = a number > 8.

--
Mark Sapiro <[email protected]>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

------------------------------------------------------
Mailman-Users mailing list
https://mail.python.org/mailman/listinfo/mailman-users
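
An added example, not part of the original message and not code from Mailman or fail2ban: the detection that a fail2ban jail would perform on the 401 responses described above, written out as a sliding-window count per client IP. It assumes an Apache combined-format access log and the default /mailman/private/ and /mailman/options/ URL layout; the maxretry and findtime names mirror fail2ban's jail options, and the sample log lines are constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumptions: Apache combined log format and the default Mailman 2.1 CGI
# paths /mailman/private/... and /mailman/options/...; adjust to the local setup.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?:GET|POST) /mailman/(?:private|options)/\S* HTTP/[\d.]+" 401 '
)


def offenders(lines, maxretry=5, findtime=timedelta(minutes=10)):
    """Return IPs with at least maxretry 401 responses inside one findtime window."""
    recent = defaultdict(deque)   # ip -> timestamps of recent failed logins
    flagged = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue              # not a Mailman login failure
        when = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
        hits = recent[m.group("ip")]
        hits.append(when)
        # Discard failures that have aged out of the window.
        while when - hits[0] > findtime:
            hits.popleft()
        if len(hits) >= maxretry and m.group("ip") not in flagged:
            flagged.append(m.group("ip"))
    return flagged


def _line(ip, minute, second, path, status):
    """Build one constructed access-log line (sample data, not a real log)."""
    return (f'{ip} - - [02/Oct/2015:15:{minute:02d}:{second:02d} -0700] '
            f'"POST {path} HTTP/1.1" {status} 512 "-" "constructed-sample"')


SAMPLE = (
    # Five failures in 40 seconds: should be flagged.
    [_line("192.0.2.10", 0, s, "/mailman/private/mylist/", 401) for s in range(0, 50, 10)]
    # Four failures spread over 45 minutes: never five within the window.
    + [_line("198.51.100.7", m, 0, "/mailman/options/mylist/user%40example.com", 401)
       for m in (0, 15, 30, 45)]
    # A successful request: ignored.
    + [_line("203.0.113.5", 1, 0, "/mailman/private/mylist/", 200)]
)

if __name__ == "__main__":
    print(offenders(SAMPLE))
```
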
