[wplug-internet] Fail2ban addition

Vance Kochenderfer vance at happylemur.com
Wed Apr 11 12:26:04 EDT 2018


We are seeing a large number of subscription attempts to wplug-jobs
coming in through the web interface.  This is causing a minor problem
with e-mail backing up, in that the targeted e-mail servers (aol.com,
t-online.de) are throttling delivery.  This appears to be some bot or
bots trying to subscribe addresses for reasons I can't fathom.

I created a fail2ban filter and rule (called mailman-subscribe) to try
to detect and thwart automated attempts.  If a single IP address tries
to subscribe more than once in a 90-second window, that address is
firewalled from accessing the HTTP and HTTPS ports for an hour.  This
applies no matter which mailing list the subscription attempt is for (or
if they are for different lists).

While I was at it, I removed Duncan Hutty and Ted Rodgers as admins for
wplug-jobs, since I don't think they have been involved for some time.
Please let me know if this is wrong and they should be re-added.

It seems to be working so far.  I will keep an eye on it and may tweak
the settings if needed.

Vance Kochenderfer        |  "Get me out of these ropes and into a
vance at happylemur.com      |   good belt of Scotch"    -Nick Danger
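
Added example, not the filter from this message: a fail2ban filter and jail that would implement the thresholds described above (a second subscription attempt from one IP within 90 seconds, then a one-hour ban on HTTP and HTTPS). Matching on the Apache access log, the log path and the /mailman/subscribe/ URL prefix are assumptions; the message does not say what the real filter matches.

```ini
# ---- /etc/fail2ban/filter.d/mailman-subscribe.conf (assumed location) ----
[Definition]
# Count every POST to the Mailman subscribe CGI as one "failure".
# The list name after /subscribe/ is deliberately not captured, so
# attempts against different lists from the same IP add up together.
# Assumption: Apache common/combined log format and the stock
# Mailman 2.1 URL layout (/mailman/subscribe/<listname>).
failregex = ^<HOST> -.*"POST /mailman/subscribe/
ignoreregex =

# ---- /etc/fail2ban/jail.d/mailman-subscribe.conf (assumed location) ----
[mailman-subscribe]
enabled  = true
filter   = mailman-subscribe
# Assumption: adjust to wherever the web server writes its access log.
logpath  = /var/log/apache2/access.log
# Ban only web access, as described in the message.
port     = http,https
# fail2ban bans when the match count reaches maxretry inside findtime,
# so maxretry = 2 means "more than one attempt".
maxretry = 2
# 90-second detection window.
findtime = 90
# One-hour ban.
bantime  = 3600
```

The filter can be checked against a real log before the jail is enabled by running `fail2ban-regex` with the log file and the filter file as arguments, which reports how many lines matched.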
