[Mailman-Users] Brute force attacks on mailman web ui

ddewey at cyberthugs.com ddewey at cyberthugs.com
Thu Apr 19 13:53:20 EDT 2018


Quoting Rich Kulawiec (rsk at gsp.org):

> On Mon, Apr 16, 2018 at 09:08:43AM +0200, mailman-admin wrote:
> > Brute Force attempts can only be mitigated by e.g. fail2ban.
> 
> Nope.  There are other ways.
> 
> Brute force attacks can be pre-emptively blocked by nearly everyone
> operating a Mailman instance.  (I say "nearly" for specific reasons
> that will become clear below.)

Great writeup. This is exactly how I've had my firewall configured for
some time, with the drop/edrop and country block lists. I monitor for
break-in attempts and add country blocks as needed... it's interesting
that this seems to be somewhat cyclical in my experience, in that one
month 80% of my brute force attacks are from Turkey, then the next
month it shifts to Brazil (as examples, but I have both of these
countries blocked now).

