[Mailman-Users] Brute force attacks on mailman web ui

Stephen J. Turnbull stephen at xemacs.org
Thu Apr 19 02:46:35 EDT 2018

Rich Kulawiec writes:

 > Brute force attacks can be pre-emptively blocked by nearly everyone
 > operating a Mailman instance.  (I say "nearly" for specific reasons
 > that will become clear below.)

Nice summary!

 > 3. The next step depends on the intended audience for your mailing
 > lists.

So here's my problem.  A lot of my constituency resides in CN,
occasionally including people at frequently problematic domains like
163.com.  Do you know any resources (or keywords to start googling
even!) at subnational levels?  KR and CN breakdowns would be most
useful to me; breakdowns for RU and former USSR would be appreciated
by many of my colleagues.

 > Hint: if you watch your logs long enough and pay attention to what's
 > in them, you'll probably notice that many attack patterns are localized.

This is helpful regardless of whether there are subnational
breakdowns.  I got the point the first time! :-)


More information about the Mailman-Users mailing list