Just to illustrate, here's what the additional lines look like in my .dada_config: $ADMIN_FLAVOR_NAME = 'admin_secret_stuff'; $SIGN_IN_FLAVOR_NAME = 'sign_in_secret_stuff'; $DISABLE_OUTSIDE_LOGINS = 1; $SHOW_ADMIN_LINK = 2; ...Continue Reading

> Justin, any thoughts about implementing a temporary lockout or at least an alert when a password is clearly trying to be hacked? The thought of someone succeeding in accessing a list is frightening. Well, Let's see what the docs have: http://dadamailproject.com/support/documentation-4_0_4/Config.pm.html#security First off: $SHOW_ADMIN_LINK Quote: Set $SHOW_ADMIN_LINK to '0' to take off the 'Administration' link that you see on the Dada Mail default page. Yeah, let's def. use that. If you use an outside ...Continue Reading

Justin, any thoughts about implementing a temporary lockout or at least an alert when a password is clearly trying to be hacked? The thought of someone succeeding in accessing a list is frightening.   Carl K ----- Original Message ----- *From:* John Collins *To:* Dada Mail Developers Subscriber *Sent:* Wednesday, May 12, 2010 5:00 PM *Subject:* [dadadev] Re: List Password Lost Request I blocked their IP from any access to the site.  They got creative, now they're spoofing my IP s ...Continue Reading

Hi John,   I'm not using the same version as you, but my version has three templates that offer a button to request a new password. They are:   \cgi-bin\dada\DADA\Template\templates\error_invalid_password_screen.tmpl \cgi-bin\dada\DADA\Template\templates\error_list_pass_no_match_screen.tmpl \cgi-bin\dada\DADA\Template\templates\error_no_list_password_screen.tmpl   You must have something similar somewhere. Just remove the <input type="submit"...> that is creating the reset ...Continue Reading

Maybe try some rewriting rules in Apache or your web server of choice?  Or if you are using a front end proxy, redirect that specific URL to 127.0.0.1 or a shock site.On May 12, 2010, at 2:02 PM, John Collins wrote: I blocked their IP from any access to the site.  They got creative, now they're spoofing my IP somehow on their fake logins. I need to eliminate that link so they can't try and do that any longer Carl G. Kuczun wrote: Looks like it was someone in Los Angeles, California... ----- Orig ...Continue Reading

I blocked their IP from any access to the site.  They got creative, now they're spoofing my IP somehow on their fake logins. I need to eliminate that link so they can't try and do that any longer Carl G. Kuczun wrote: Looks like it was someone in Los Angeles, California... ----- Original Message ----- *From:* John Collins *To:* Dada Mail Developers Subscriber *Sent:* Wednesday, May 12, 2010 3:55 PM *Subject:* [dadadev] List Password Lost Request Someone just tried to hack into my adm ...Continue Reading

Looks like it was someone in Los Angeles, California... ----- Original Message ----- *From:* John Collins *To:* Dada Mail Developers Subscriber *Sent:* Wednesday, May 12, 2010 3:55 PM *Subject:* [dadadev] List Password Lost Request Someone just tried to hack into my admin panel and requested that the password be reset.  I have their IP number 71.116.216.74I'd like to totally disable that "lost password" screen, but don't know where to look for it.Can you tell me where to ...Continue Reading

Someone just tried to hack into my admin panel and requested that the password be reset.  I have their IP number 71.116.216.74 I'd like to totally disable that "lost password" screen, but don't know where to look for it. Can you tell me where to find it?  I'm on vers 2.10.16. I'd be happy if I could just remove the script around the button. ------------------------------------------------- John Collins Meetings and Mixers Box 80461 Rancho Santa Margarita, CA 92688 c949 689 ...Continue Reading

Here are the downloads: * http://github.com/downloads/justingit/dada-mail/dada-4_0_5-beta1.tar.gz * http://github.com/downloads/justingit/dada-mail/dada-4_0_5-beta1.zip As well as the release notes: 4.0.5 Changes 4.0.5 POP3 and SMTP passwords saved in List Settings *This is not a security bug/issue/notice - rather, this is a bug that was introduced with the full UTF-8 support.* The binary-in-nature encrypted passwords saved by Dada Mail in the List Settings table/files in Dada Mail may have become unusab ...Continue Reading

On May 10, 2010, at 7:48 AM, John Collins wrote: > Is it a big deal to change to TinyMCE? It's still free and can easily be set to disallow uploads. I use it in my calendar system input form and really like it. Great idea - I urge people who may be interested to fork Dada Mail, develop it themselves and ask for a pull request. ...Continue Reading