[Mailman-Users] Limiting number of failed login attempts
Aditya Jain
aj at adityaj.in
Mon Oct 5 13:58:15 CEST 2015
Hi,
On Monday 05 October 2015 04:19 PM, Laura Creighton wrote:
> I think that Aditya Jain's problem is that he (she?)
He :)
> doesn't understand that fail2ban takes a look at where the attackers
> are coming from and bans _their_ Host from connecting. He thought
> it worked by making his host unconnectable, which of course will not
> work.
I know how it works, I also use it in some places. The concern that I
have is that most of the requests that my list receives come from very
few organizations. This leaves me with a very small number of client IP
addresses.
If I block a particular IP address because some disgruntled person from
the organization is trying to brute force, it will block access for
other legitimate users from that organization (because they have only
one IP dedicated to browsing traffic). That is why I was looking for
something that can look at the username/email and block request or show
captcha if number of failed attempts cross a certain limit, at
application(mailman) level.
I think this is sounding more like a feature request.
Thanks & Regards
Aditya Jain
More information about the Mailman-Users
mailing list