[Mailman-Users] Limiting number of failed login attempts

Aditya Jain aj at adityaj.in
Sat Oct 3 20:51:24 CEST 2015


Hi,

Thanks! At the moment I don't have a separate IP for mailman. Therefore
I cannot use fail2ban. But hopefully, a really long password should be
enough to discourage a simple brute force.

Thanks & Regards
Aditya Jain

On Saturday 03 October 2015 06:44 PM, Mark Sapiro wrote:
> On 10/2/15 3:00 PM, Aditya Jain wrote:
>> Is there a way in which I can limit the number of failed login attempts
>> to the archive to prevent a brute force attempt?
>
> In recent Mailman, both the private CGI and the options CGI return a 401
> Unauthorized status for a failed login. This makes it easy to use
> something like fail2ban to block an IP after a number of failed attempts.
>
> Also, you can generate more secure passwords by setting
>
> USER_FRIENDLY_PASSWORDS = No
>
> in mm_cfg.py, and you can make them longer by setting
> MEMBER_PASSWORD_LENGTH = a number > 8.
>
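
The 401 status described in the reply above is what a log watcher such as fail2ban would key on. The following is an added example, not part of the original thread and not Mailman or fail2ban code: it counts 401 responses per client IP over a sliding window. The Apache combined log format, the /mailman/private and /mailman/options URL paths, the threshold, the window and the sample log lines are assumptions made for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed: Apache common/combined access log and Mailman 2.1 CGI URL paths.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?:GET|POST) (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)
LOGIN_PATH_RE = re.compile(r'^/mailman/(?:private|options)(?:/|$)')


def find_offenders(lines, max_failures=5, window=timedelta(minutes=10)):
    """Map each IP to the time it reached max_failures 401s within window."""
    recent = defaultdict(deque)   # ip -> timestamps of recent failed logins
    offenders = {}
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m['status'] != '401' or not LOGIN_PATH_RE.match(m['path']):
            continue              # not a failed private/options login
        ts = datetime.strptime(m['ts'], '%d/%b/%Y:%H:%M:%S %z')
        q = recent[m['ip']]
        q.append(ts)
        while ts - q[0] > window: # drop failures older than the window
            q.popleft()
        if len(q) >= max_failures and m['ip'] not in offenders:
            offenders[m['ip']] = ts
    return offenders


def _line(ip, second, path, status):
    # Helper that builds one constructed access-log line.
    return (f'{ip} - - [03/Oct/2015:12:00:{second:02d} +0200] '
            f'"POST {path} HTTP/1.1" {status} 512')


# Constructed sample log using documentation-range IP addresses.
SAMPLE_LOG = (
    [_line('192.0.2.10', s, '/mailman/private/test-list/', 401)
     for s in range(0, 12, 2)]                                  # six failures
    + [_line('198.51.100.7', 30, '/mailman/options/test-list', 401),
       _line('198.51.100.7', 31, '/mailman/options/test-list', 200),
       _line('203.0.113.5', 40, '/mailman/listinfo/test-list', 401)]
)

if __name__ == '__main__':
    for ip, when in find_offenders(SAMPLE_LOG).items():
        print(f'{ip} reached the failure threshold at {when.isoformat()}')
```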


