Enter an incorrect password at login and see what the "reset password" button has for text. Mine says "Mail <address> a new password". So I found the files by doing a search on my dada install for any files that have "a new password" as text.   Carl K ----- Original Message ----- *From:* John Collins *To:* Dada Mail Developers Subscriber *Sent:* Thursday, May 13, 2010 1:25 PM *Subject:* [dadadev] Re: List Password Lost Request I don't have any of tho ...Continue Reading

I don't have any of those template pages on 2.10.16.  Carl G. Kuczun wrote: Hi John, I'm not using the same version as you, but my version has three templates that offer a button to request a new password. They are: \cgi-bin\dada\DADA\Template\templates\error_invalid_password_screen.tmpl \cgi-bin\dada\DADA\Template\templates\error_list_pass_no_match_screen.tmpl \cgi-bin\dada\DADA\Template\templates\error_no_list_password_screen.tmpl You must have something similar somewhere. Ju ...Continue Reading

Just to illustrate, here's what the additional lines look like in my .dada_config: $ADMIN_FLAVOR_NAME = 'admin_secret_stuff'; $SIGN_IN_FLAVOR_NAME = 'sign_in_secret_stuff'; $DISABLE_OUTSIDE_LOGINS = 1; $SHOW_ADMIN_LINK = 2; ...Continue Reading

> Justin, any thoughts about implementing a temporary lockout or at least an alert when a password is clearly trying to be hacked? The thought of someone succeeding in accessing a list is frightening. Well, Let's see what the docs have: http://dadamailproject.com/support/documentation-4_0_4/Config.pm.html#security First off: $SHOW_ADMIN_LINK Quote: Set $SHOW_ADMIN_LINK to '0' to take off the 'Administration' link that you see on the Dada Mail default page. Yeah, let's def. use that. If you use an outside ...Continue Reading

Justin, any thoughts about implementing a temporary lockout or at least an alert when a password is clearly trying to be hacked? The thought of someone succeeding in accessing a list is frightening.   Carl K ----- Original Message ----- *From:* John Collins *To:* Dada Mail Developers Subscriber *Sent:* Wednesday, May 12, 2010 5:00 PM *Subject:* [dadadev] Re: List Password Lost Request I blocked their IP from any access to the site.  They got creative, now they're spoofing my IP s ...Continue Reading

Hi John,   I'm not using the same version as you, but my version has three templates that offer a button to request a new password. They are:   \cgi-bin\dada\DADA\Template\templates\error_invalid_password_screen.tmpl \cgi-bin\dada\DADA\Template\templates\error_list_pass_no_match_screen.tmpl \cgi-bin\dada\DADA\Template\templates\error_no_list_password_screen.tmpl   You must have something similar somewhere. Just remove the <input type="submit"...> that is creating the reset ...Continue Reading

Maybe try some rewriting rules in Apache or your web server of choice?  Or if you are using a front end proxy, redirect that specific URL to 127.0.0.1 or a shock site.On May 12, 2010, at 2:02 PM, John Collins wrote: I blocked their IP from any access to the site.  They got creative, now they're spoofing my IP somehow on their fake logins. I need to eliminate that link so they can't try and do that any longer Carl G. Kuczun wrote: Looks like it was someone in Los Angeles, California... ----- Orig ...Continue Reading

I blocked their IP from any access to the site.  They got creative, now they're spoofing my IP somehow on their fake logins. I need to eliminate that link so they can't try and do that any longer Carl G. Kuczun wrote: Looks like it was someone in Los Angeles, California... ----- Original Message ----- *From:* John Collins *To:* Dada Mail Developers Subscriber *Sent:* Wednesday, May 12, 2010 3:55 PM *Subject:* [dadadev] List Password Lost Request Someone just tried to hack into my adm ...Continue Reading

Looks like it was someone in Los Angeles, California... ----- Original Message ----- *From:* John Collins *To:* Dada Mail Developers Subscriber *Sent:* Wednesday, May 12, 2010 3:55 PM *Subject:* [dadadev] List Password Lost Request Someone just tried to hack into my admin panel and requested that the password be reset.  I have their IP number 71.116.216.74I'd like to totally disable that "lost password" screen, but don't know where to look for it.Can you tell me where to ...Continue Reading

Someone just tried to hack into my admin panel and requested that the password be reset.  I have their IP number 71.116.216.74 I'd like to totally disable that "lost password" screen, but don't know where to look for it. Can you tell me where to find it?  I'm on vers 2.10.16. I'd be happy if I could just remove the script around the button. ------------------------------------------------- John Collins Meetings and Mixers Box 80461 Rancho Santa Margarita, CA 92688 c949 689 ...Continue Reading