[Mailman-Users] beefing up mailman's web security

Mark Sapiro mark at msapiro.net
Tue Feb 17 01:38:17 CET 2015

On 02/16/2015 12:20 PM, Steven Jones wrote:
> Our mailman web gui is under constant distributed bruteforce attack.  We would like to add something like,
> https://www.phpcaptcha.org/
> to it, is this possible?

It's certainly possible if you have sufficient access, but it may not be
easy depending on what exactly you want to do. Since Mailman's web UI is
CGI based, it isn't easy to include php directly, but you can probably
find python based captchas or textchas that would be easier, but be
aware that captchas are easily broken by current bots and are extremely
annoying to users.

> or are there any other ideas?

If you describe more specifically what the problem is, we may be able to
offer more help. For example, if the issue is bots subscribing to lists
via the subscribe CGI, enabling the Mailman 2.1.16+
SUBSCRIBE_FORM_SECRET feature may help.

Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

More information about the Mailman-Users mailing list