[Mailman-Users] Brute force attacks on mailman web ui

ddewey at cyberthugs.com ddewey at cyberthugs.com
Thu Apr 19 13:53:20 EDT 2018

Quoting Rich Kulawiec (rsk at gsp.org):

> On Mon, Apr 16, 2018 at 09:08:43AM +0200, mailman-admin wrote:
> > Brute Force attempts can only be mitigated by e.g. fail2ban.
> Nope.  There are other ways.
> Brute force attacks can be pre-emptively blocked by nearly everyone
> operating a Mailman instance.  (I say "nearly" for specific reasons
> that will become clear below.)

Great writeup. This is exactly how I've had my firewall configured for
some time, with the drop/edrop and country block lists. I monitor for
breakin attempts and add country blocks as needed... it's interesting
that this seems to be somewhat cyclical in my experience, in that one
month 80% of my brute force attacks are from Turkey, then the next
month it shifts to Brazil (as examples, but I have both of these
countries blocked now).

More information about the Mailman-Users mailing list