[Mailman-Users] Fail2ban on the Mailman web interface
Mark Sapiro
mark at msapiro.net
Sun Jun 3 18:53:09 EDT 2018
On 06/03/2018 09:52 AM, Henrique Fagundes wrote:
>
> My idea is that when the attacker / attacker incorrectly enters the
> password of the login field in the web interface, it is blocked. But for
> this to work, it is necessary for MailMan to report unsuccessful login
> attempts in its log.
Mailman reports all authentication failures to the web server with a 401
status. Here are some typical messages from the Apache access log.
45.24.217.241 - - [03/Jun/2018:15:41:23 -0700] "POST
/mailman/options/LISTNAME HTTP/1.1" 401 4532
"https://www.example.com/mailman/options/LISTNAME" "Mozilla/5.0 (X11;
Ubuntu; Linux x86_64; rv:60.0) Gecko/20100101 Firefox/60.0"
45.24.217.241 - - [03/Jun/2018:15:40:46 -0700] "POST
/mailman/admindb/LISTNAME HTTP/1.1" 401 2715
"https://www.example.com/mailman/admindb/LISTNAME" "Mozilla/5.0 (X11;
Ubuntu; Linux x86_64; rv:60.0) Gecko/20100101 Firefox/60.0"
You should be able to recognize those with fail2ban without any
modification to Mailman's logging.
--
Mark Sapiro <mark at msapiro.net> The highway is for gamblers,
San Francisco Bay Area, California better use your sense - B. Dylan
More information about the Mailman-Users
mailing list