[Mailman-Users] beefing up mailman's web security
Andrew Stuart
andrew.stuart at supercoders.com.au
Tue Feb 17 01:42:44 CET 2015
I seem to recall this one does not need PHP: http://www.google.com/recaptcha/intro/index.html
On 17 Feb 2015, at 11:38 am, Mark Sapiro <mark at msapiro.net> wrote:
On 02/16/2015 12:20 PM, Steven Jones wrote:
>
> Our mailman web gui is under constant distributed bruteforce attack. We would like to add something like,
>
> https://www.phpcaptcha.org/
>
> to it, is this possible?
It's certainly possible if you have sufficient access, but it may not be
easy depending on what exactly you want to do. Since Mailman's web UI is
CGI based, it isn't easy to include php directly, but you can probably
find python based captchas or textchas that would be easier, but be
aware that captchas are easily broken by current bots and are extremely
annoying to users.
> or are there any other ideas?
If you describe more specifically what the problem is, we may be able to
offer more help. For example, if the issue is bots subscribing to lists
via the subscribe CGI, enabling the Mailman 2.1.16+
SUBSCRIBE_FORM_SECRET feature may help.
--
Mark Sapiro <mark at msapiro.net> The highway is for gamblers,
San Francisco Bay Area, California better use your sense - B. Dylan
------------------------------------------------------
Mailman-Users mailing list Mailman-Users at python.org
https://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: https://mail.python.org/mailman/options/mailman-users/andrew.stuart%40supercoders.com.au
More information about the Mailman-Users
mailing list