[Mailman-Users] Logging failed Admin logins [SEC=UNCLASSIFIED]

Dale, Mark Mark.Dale at climatechange.gov.au
Mon May 21 07:21:21 CEST 2012

Hi All,

I'm looking for a way to prevent the Mailman Admin login from getting bruted. I was thinking that I can set fail2ban to watch the logfiles and trigger an event after a certain number of failed logins from the same IP address, within a specified time period.

I've had a look through the Mailman log files and can't see that Mailman writes anywhere for failed login attempts (to the Admin page).

It seems that the best that can be done at the moment is to guess it from the POST entries in the Apache logs.

Even there,  a failed login just reloads the page and  generates an Apache '200' (Okay) entry for the request.

All I can think of at the moment is to hack the Mailman code so a failed login attempt sends the user to a new page rather than just reload the page.

We could then tell fail2ban to watch the Apache access logs for records of those requests and trigger events off those.

But that seems a bit untidy, and very 'unMailman' like.

Does anyone have a suggestion for logging the time and IP address of failed login attempts?

Mark Dale


IMPORTANT: This message, and any attachments to it, contains information 
that is confidential and may also be the subject of legal professional or 
other privilege. If you are not the intended recipient of this message, you 
must not review, copy, disseminate or disclose its contents to any other 
party or take action in reliance of any material contained within it. If you 
have received this message in error, please notify the sender immediately by 
return email informing them of the mistake and delete all copies of the 
message from your computer system. 

More information about the Mailman-Users mailing list