On Sun, Oct 04, 2015 at 11:43:55AM +0530, Aditya Jain wrote: > On Sunday 04 October 2015 07:28 AM, Mark Sapiro wrote: > > fail2ban runs on (in this case) the machine on which Mailman's web > > interface runs. It monitors the web server logs and looks for (in this > > case) a minimum number of 401 errors within a given time window from a > > single IP and if found uses iptables or similar to block access from > > that IP for a defined time. > > > I run multiple websites on the same IP and same port. Therefore I was > looking for something that is inside mailman so that access to other > websites is not blocked in case the attempts were genuine. For now I > think I can manage with long passwords.
From the Subject: line, I was going to suggest use of fail2ban… It doesn't matter if there are other sites/services hosted on the same machine/address; fail2ban works on patterns matching in logfiles; if you only want to look at Mailman errors, only configure fail2ban to look at the Mailman (vhost) logs. If you've got (brute force attempt) issues from one host / botnet, preventing access to other things, is surely an added win? -- "To save the world requires faith and courage: faith in reason, and courage to proclaim what reason shows to be true." -- Bertrand Russell ------------------------------------------------------ Mailman-Users mailing list Mailman-Users@python.org https://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: https://mail.python.org/mailman/options/mailman-users/archive%40jab.org