[Mailman-Users] Logging failed Admin logins [SEC=UNCLASSIFIED]
Mark.Dale at climatechange.gov.au
Mon May 21 07:21:21 CEST 2012
I'm looking for a way to prevent the Mailman Admin login from getting bruted. I was thinking that I can set fail2ban to watch the logfiles and trigger an event after a certain number of failed logins from the same IP address, within a specified time period.
I've had a look through the Mailman log files and can't see that Mailman writes anywhere for failed login attempts (to the Admin page).
It seems that the best that can be done at the moment is to guess it from the POST entries in the Apache logs.
Even there, a failed login just reloads the page and generates an Apache '200' (Okay) entry for the request.
All I can think of at the moment is to hack the Mailman code so a failed login attempt sends the user to a new page rather than just reload the page.
We could then tell fail2ban to watch the Apache access logs for records of those requests and trigger events off those.
But that seems a bit untidy, and very 'unMailman' like.
Does anyone have a suggestion for logging the time and IP address of failed login attempts?
IMPORTANT: This message, and any attachments to it, contains information
that is confidential and may also be the subject of legal professional or
other privilege. If you are not the intended recipient of this message, you
must not review, copy, disseminate or disclose its contents to any other
party or take action in reliance of any material contained within it. If you
have received this message in error, please notify the sender immediately by
return email informing them of the mistake and delete all copies of the
message from your computer system.
More information about the Mailman-Users