Re: [Mailman-Users] Brute force attacks on mailman web ui

2018-04-20 Thread tlhackque via Mailman-Users
On 19-Apr-18 23:33, Stephen J. Turnbull wrote: > tlhackque via Mailman-Users writes: > > > I'm not sure what you are looking for. > > I'm looking for anything that will help block swaths of Chinese > spammers and possibly attacks, while allowing me to do a better job of > serving students

Re: [Mailman-Users] Brute force attacks on mailman web ui

2018-04-19 Thread Stephen J. Turnbull
tlhackque via Mailman-Users writes: > I'm not sure what you are looking for. I'm looking for anything that will help block swaths of Chinese spammers and possibly attacks, while allowing me to do a better job of serving students vacationing at home in China than treating them the way the

Re: [Mailman-Users] Brute force attacks on mailman web ui

2018-04-19 Thread ddewey
Quoting Rich Kulawiec (r...@gsp.org): > On Mon, Apr 16, 2018 at 09:08:43AM +0200, mailman-admin wrote: > > Brute Force attempts can only be mitigated by e.g. fail2ban. > > Nope. There are other ways. > > Brute force attacks can be pre-emptively blocked by nearly everyone > operating a Mailman

Re: [Mailman-Users] Brute force attacks on mailman web ui

2018-04-19 Thread Lindsay Haisley
On Thu, 2018-04-19 at 10:08 -0700, Natu wrote: > On 04/17/2018 08:27 PM, Carl Zwanzig wrote: > > On 4/17/2018 7:20 AM, Rich Kulawiec wrote: > >> I stood up a new server last fall with *no* valid ssh access and logged > >> about 750,000 attempts in a month.   Similar patterns. > > > > There's a

Re: [Mailman-Users] Brute force attacks on mailman web ui

2018-04-19 Thread Natu
On 04/17/2018 08:27 PM, Carl Zwanzig wrote: > On 4/17/2018 7:20 AM, Rich Kulawiec wrote: >> I stood up a new server last fall with *no* valid ssh access and logged >> about 750,000 attempts in a month.   Similar patterns. > > There's a reason I don't put sshd on port 22; moving it elsewhere and >

Re: [Mailman-Users] Brute force attacks on mailman web ui

2018-04-19 Thread tlhackque via Mailman-Users
On 19-Apr-18 02:46, Stephen J. Turnbull wrote: > So here's my problem. A lot of my constituency resides in CN, > occasionally including people at frequently problematic domains like > 163.com. Do you know any resources (or keywords to start googling > even!) at subnational levels? KR and CN

Re: [Mailman-Users] Brute force attacks on mailman web ui

2018-04-19 Thread Stephen J. Turnbull
Rich Kulawiec writes: > Brute force attacks can be pre-emptively blocked by nearly everyone > operating a Mailman instance. (I say "nearly" for specific reasons > that will become clear below.) Nice summary! > 3. The next step depends on the intended audience for your mailing > lists. So

Re: [Mailman-Users] Brute force attacks on mailman web ui

2018-04-17 Thread Carl Zwanzig
On 4/17/2018 7:20 AM, Rich Kulawiec wrote: I stood up a new server last fall with *no* valid ssh access and logged about 750,000 attempts in a month. Similar patterns. There's a reason I don't put sshd on port 22; moving it elsewhere and blackhole-ing 22 cut the auth log tremendously.

Re: [Mailman-Users] Brute force attacks on mailman web ui

2018-04-17 Thread Rich Kulawiec
On Mon, Apr 16, 2018 at 02:05:35PM -0400, tlhackque via Mailman-Users wrote: > Good advice. But use httpS: (and make sure the UA validates the server > certificate). > Unless you fancy experimenting with DOS attacks. Yep. You're exactly right. > But the biggest source of attacks, by far, is

Re: [Mailman-Users] Brute force attacks on mailman web ui

2018-04-16 Thread Lindsay Haisley
On Mon, 2018-04-16 at 11:06 -0700, Mark Sapiro wrote: > On 04/16/2018 10:45 AM, Lindsay Haisley wrote: > > > > Apache will log the access, with IP address, but to the best of my > > knowledge it won't log a Web UI login failure since this is an internal > > matter for Mailman. > > > As I said

Re: [Mailman-Users] Brute force attacks on mailman web ui

2018-04-16 Thread Mark Sapiro
On 04/16/2018 10:45 AM, Lindsay Haisley wrote: > > Apache will log the access, with IP address, but to the best of my > knowledge it won't log a Web UI login failure since this is an internal > matter for Mailman. As I said in my prior reply, all Mailman login failures return a 401 status.

Re: [Mailman-Users] Brute force attacks on mailman web ui

2018-04-16 Thread tlhackque via Mailman-Users
On 16-Apr-18 07:38, Rich Kulawiec wrote: > On Mon, Apr 16, 2018 at 09:08:43AM +0200, mailman-admin wrote: >> Brute Force attempts can only be mitigated by e.g. fail2ban. > Nope. There are other ways. > > Brute force attacks can be pre-emptively blocked by nearly everyone > operating a Mailman

Re: [Mailman-Users] Brute force attacks on mailman web ui

2018-04-16 Thread Lindsay Haisley
On Mon, 2018-04-16 at 13:26 -0400, Robert Heller wrote: > > > Is there anything / feature that Mailman has that can be used to > > > watch/monitor it? > >  > > A related question would be whether there's any way to correlate failed > > web UI login attempts with IP addresses. It doesn't appear

Re: [Mailman-Users] Brute force attacks on mailman web ui

2018-04-16 Thread Robert Heller
At Mon, 16 Apr 2018 09:46:21 -0500 fmo...@fmp.com wrote: > > On Sun, 2018-04-15 at 22:53 +, Steven Jones wrote: > > We are currently under brute force attack on our mailman server's web > > ui. > > > > > > Is there anything / feature that Mailman has that can be used to > > watch/monitor

Re: [Mailman-Users] Brute force attacks on mailman web ui

2018-04-16 Thread Mark Sapiro
On 04/16/2018 07:46 AM, Lindsay Haisley wrote: > > A related question would be whether there's any way to correlate failed > web UI login attempts with IP addresses. It doesn't appear that at > present Mailman 2 logs failed web UI attempts at all, although I may be > missing something. Mailman

Re: [Mailman-Users] Brute force attacks on mailman web ui

2018-04-16 Thread Lindsay Haisley
On Sun, 2018-04-15 at 22:53 +, Steven Jones wrote: > We are currently under brute force attack on our mailman server's web > ui. > > > Is there anything / feature that Mailman has that can be used to > watch/monitor it? A related question would be whether there's any way to correlate failed

Re: [Mailman-Users] Brute force attacks on mailman web ui

2018-04-16 Thread David Gibbs
On 4/15/2018 5:53 PM, Steven Jones wrote: We are currently under brute force attack on our mailman server's web ui. Is there anything / feature that Mailman has that can be used to watch/monitor it? Can you elaborate on how they are attacking? If it's a detectable pattern, I suggest you

Re: [Mailman-Users] Brute force attacks on mailman web ui

2018-04-16 Thread Rich Kulawiec
On Mon, Apr 16, 2018 at 09:08:43AM +0200, mailman-admin wrote: > Brute Force attempts can only be mitigated by e.g. fail2ban. Nope. There are other ways. Brute force attacks can be pre-emptively blocked by nearly everyone operating a Mailman instance. (I say "nearly" for specific reasons that

Re: [Mailman-Users] Brute force attacks on mailman web ui

2018-04-16 Thread mailman-admin
Hi On 16.04.2018 at 00:53, Steven Jones wrote: > Hi, > > We are currently under brute force attack on our mailman server's web ui. > Is there anything / feature that Mailman has that can be used to > watch/monitor it? > Sadly I think we'll have to remove it off the Internet. > > This is

[Mailman-Users] Brute force attacks on mailman web ui

2018-04-15 Thread Steven Jones
Hi, We are currently under brute force attack on our mailman server's web ui. Is there anything / feature that Mailman has that can be used to watch/monitor it? Sadly I think we'll have to remove it off the Internet. regards Steven