[Mailman-Users] Brute force attacks on mailman web ui

Lindsay Haisley fmouse at fmp.com
Thu Apr 19 13:33:12 EDT 2018

On Thu, 2018-04-19 at 10:08 -0700, Natu wrote:
> On 04/17/2018 08:27 PM, Carl Zwanzig wrote:
> > On 4/17/2018 7:20 AM, Rich Kulawiec wrote:
> >> I stood up a new server last fall with *no* valid ssh access and logged
> >> about 750,000 attempts in a month.   Similar patterns.
> >
> > There's a reason I don't put sshd on port 22; moving it elsewhere and
> > blackhole-ing 22 cut the auth log tremendously.
> >
> > (
> If you have no users logging in remotely or if users are technical
> enough, consider using fwknop for ssh and other services.  I also use
> openvpn or openvpn with fwknop to access the vpn.  I've found fwknop to
> be rock solid, and I've never had even a single attack on services that
> use fwknop.  http://www.cipherdyne.org/fwknop/

Once again, do yourself a favor and check out fail2ban. It's in use on
my company's server and works wonders on stopping brute force attacks
on ALL services affected.

Lindsay Haisley       | "The first casualty when
FMP Computer Services |         war comes is truth."
512-259-1190          |            
http://www.fmp.com    |     -- Hiram W Johnson

More information about the Mailman-Users mailing list