[Mailman-Users] Brute force attacks on mailman web ui
incoming-pythonlists at rjl.com
Thu Apr 19 13:08:40 EDT 2018
On 04/17/2018 08:27 PM, Carl Zwanzig wrote:
> On 4/17/2018 7:20 AM, Rich Kulawiec wrote:
>> I stood up a new server last fall with *no* valid ssh access and logged
>> about 750,000 attempts in a month. Similar patterns.
> There's a reason I don't put sshd on port 22; moving it elsewhere and
> blackhole-ing 22 cut the auth log tremendously.
If you have no users logging in remotely or if users are technical
enough, consider using fwknop for ssh and other services. I also use
openvpn or openvpn with fwknop to access the vpn. I've found fwknop to
be rock solid, and I've never had even a single attack on services that
use fwknop. http://www.cipherdyne.org/fwknop/
More information about the Mailman-Users