[Mailman-Users] Brute force attacks on mailman web ui
fmouse at fmp.com
Thu Apr 19 13:33:12 EDT 2018
On Thu, 2018-04-19 at 10:08 -0700, Natu wrote:
> On 04/17/2018 08:27 PM, Carl Zwanzig wrote:
> > On 4/17/2018 7:20 AM, Rich Kulawiec wrote:
> >> I stood up a new server last fall with *no* valid ssh access and logged
> >> about 750,000 attempts in a month. Similar patterns.
> > There's a reason I don't put sshd on port 22; moving it elsewhere and
> > blackhole-ing 22 cut the auth log tremendously.
> > (
> If you have no users logging in remotely or if users are technical
> enough, consider using fwknop for ssh and other services. I also use
> openvpn or openvpn with fwknop to access the vpn. I've found fwknop to
> be rock solid, and I've never had even a single attack on services that
> use fwknop. http://www.cipherdyne.org/fwknop/
Once again, do yourself a favor and check out fail2ban. It's in use on
my company's server and works wonders on stopping brute force attacks
on ALL services affected.
Lindsay Haisley | "The first casualty when
FMP Computer Services | war comes is truth."
http://www.fmp.com | -- Hiram W Johnson
More information about the Mailman-Users