[Mailman-Users] Limiting number of failed login attempts
mark at msapiro.net
Sat Oct 3 15:14:43 CEST 2015
On 10/2/15 3:00 PM, Aditya Jain wrote:
> Is there a way in which I can limit the number of failed login attempts
> to the archive to prevent a brute force attempt?
In recent Mailman, both the private CGI and the options CGI return a 401
Unauthorized status for a failed login. This makes it easy to use
something like fail2ban to block an IP after a number of failed attempts.
Also, You can generate more secure passwords by setting
USER_FRIENDLY_PASSWORDS = No
in mm_cfg.py, and you can make them longer by setting
MEMBER_PASSWORD_LENGTH = a number > 8.
Mark Sapiro <mark at msapiro.net> The highway is for gamblers,
San Francisco Bay Area, California better use your sense - B. Dylan
More information about the Mailman-Users