On 10/3/15 11:51 AM, Aditya Jain wrote: > > Thanks! At the moment I don't have a separate IP for mailman. Therefore > I cannot use fail2ban. But hopefully, a really long password should be > enough to discourage a simple brute force.
I'm not sure if you understand fail2ban. See <http://www.fail2ban.org/wiki/index.php/Main_Page>. fail2ban runs on (in this case) the machine on which Mailman's web interface runs. It monitors the web server logs and looks for (in this case) a minimum number of 401 errors within a given time window from a single IP and if found uses iptables or similar to block access from that IP for a defined time. -- Mark Sapiro <[email protected]> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan ------------------------------------------------------ Mailman-Users mailing list [email protected] https://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: https://mail.python.org/mailman/options/mailman-users/archive%40jab.org
