[Mailman-Users] Brute force attacks on mailman web ui
Lindsay Haisley
fmouse at fmp.com
Mon Apr 16 13:45:29 EDT 2018
On Mon, 2018-04-16 at 13:26 -0400, Robert Heller wrote:
> > > Is there anything / feature that Mailman has that can be used to
> > > watch/monitor it?
> >
> > A related question would be whether there's any way to correlate failed
> > web UI login attempts with IP addresses. It doesn't appear that at
> > present Mailman 2 logs failed web UI attempts at all, although I may be
> > missing something.
>
> They might be in Apache's logs.
Apache will log the access, with IP addresse, but to the best of my
knowledge it won't log a Web UI login failure since this is an internal
matter for Mailman.
The connecting IP address is available in the environment to any web
application and it shouldn't be difficult to set up logging for login
failures.
--
Lindsay Haisley | "The first casualty when
FMP Computer Services | war comes is truth."
512-259-1190 |
http://www.fmp.com | -- Hiram W Johnson
More information about the Mailman-Users
mailing list