[Mailman-Users] Logging failed Admin logins [SEC=UNCLASSIFIED]
brad at shub-internet.org
Mon May 21 23:17:46 CEST 2012
On May 21, 2012, at 12:21 AM, Dale, Mark wrote:
> I'm looking for a way to prevent the Mailman Admin login from getting bruted. I was thinking that I can set fail2ban to watch the logfiles and trigger an event after a certain number of failed logins from the same IP address, within a specified time period.
Keep in mind that if you have a reverse proxy for your web server (or maybe a firewall that does that kind of function for you), then all connections will seem to be coming from that IP address -- you're not going to want to put that in your fail2ban list.
Customers at larger providers may be going through a proxy at their end, too -- again, banning by IP address can block a large number of people.
I've used fail2ban, it's got some good features, but you do need to be aware of its weaknesses when you're designing the rules.
Brad Knowles <brad at shub-internet.org>
LinkedIn Profile: <http://tinyurl.com/y8kpxu>
More information about the Mailman-Users