BFM: Skip suspended accounts

zEitEr (Super Moderator; Joined: Apr 11, 2005; Messages: 15,143; Location: GMT +7.00)
Hello,

I really don't know if it's possible or not, or how difficult it would be to implement. For now we've got the following situation:

If we suspend an account for any reason, we start to get messages from BFM about brute-forcing for that account (which is not a real brute-force attack, but an offline email program which still tries to connect to the server and retrieve/send emails), and as soon as we unsuspend it, we already have some IP(s) blacklisted. And even if a customer pays for a prolongation and gets his account running again, he/she gets nervous about not being able to connect to our mail server as usual. So the customer has to contact us to get the IP removed from the blacklist.

So, I'd like to ask you for an option that would allow us to skip failed logins to the MAIL/FTP server for suspended accounts.

Note: since the account is suspended, no brute-force attack would ever succeed.

Regards,
Alex.
 
Agreed, this happened to me as well, and the customer has a static IP. The customer thought I didn't renew his account, but in fact he was just banned because of office computers with Outlook that were just trying to download emails.

Hope John can do something about that. I'll link this FR to him.

Regards
 
Thanks, it's in the versions system for implementation:
http://www.directadmin.com/features.php?id=1290

The question just remains, should the Admin still be notified, and just have the block be skipped?
Or since it can't succeed, don't even notify?

My concern is that I may want to know about an IP that is actually trying to break in, even if it's pounding away on a suspended account.
I guess disabling notification would be ok, as long as the login count for that IP is still listed in the BFM, so the Admin would be able to check if they wanted.

John
 
I think it's OK if it doesn't notify and doesn't block.

I suppose that if an account is suspended, it's not forever; it either gets renewed or removed in, let's say, 1 month. At least in my case.

Regards
 
The question just remains, should the Admin still be notified, and just have the block be skipped?
Or since it can't succeed, don't even notify?

I guess it depends on how you're going to deal with brute_force_notice_ip.sh. If it's possible to notify the admin (noting that the IP was not blocked automatically) without triggering brute_force_notice_ip.sh, then it would be great.

Anyway, with or without notifying the admin, it would be great to see break-in attempts in the admin area and be able to block the IP manually, without blocking it automatically.
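
The policy discussed in this thread, sketched as an added example (not part of any post and not DirectAdmin's code): every failed login is still counted per IP so the admin can review it, but only failures against non-suspended accounts count toward the automatic block. The log tuples, account names, suspended set, threshold and `evaluate` function are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample data: (source IP, service, account) per failed login.
FAILED_LOGINS = [
    ("198.51.100.7", "dovecot", "office@example.com"),   # mail client on a
    ("198.51.100.7", "dovecot", "office@example.com"),   # suspended account,
    ("198.51.100.7", "exim", "office@example.com"),      # retrying on a timer
    ("198.51.100.7", "dovecot", "office@example.com"),
    ("203.0.113.9", "dovecot", "admin@example.net"),     # hits active accounts
    ("203.0.113.9", "proftpd", "admin@example.net"),     # and a suspended one
    ("203.0.113.9", "dovecot", "info@example.net"),
    ("203.0.113.9", "dovecot", "office@example.com"),
    ("192.0.2.15", "proftpd", "info@example.net"),       # single typo
]
SUSPENDED = {"office@example.com"}  # assumed lookup of suspended accounts
THRESHOLD = 3                       # hypothetical failures-per-IP limit


def evaluate(failed_logins, suspended, threshold):
    """Return per-IP counters and the action the policy would take.

    'block'     -> failures against active accounts reached the threshold
    'list-only' -> threshold reached only because of suspended accounts:
                   keep the count visible for manual review, no auto-block
    'none'      -> below the threshold
    """
    total = defaultdict(int)   # every failure, shown to the admin
    active = defaultdict(int)  # failures that could actually succeed
    for ip, _service, account in failed_logins:
        total[ip] += 1
        if account not in suspended:
            active[ip] += 1

    report = {}
    for ip, count in total.items():
        if active[ip] >= threshold:
            action = "block"
        elif count >= threshold:
            action = "list-only"
        else:
            action = "none"
        report[ip] = {"total": count, "active": active[ip], "action": action}
    return report


if __name__ == "__main__":
    for ip, row in evaluate(FAILED_LOGINS, SUSPENDED, THRESHOLD).items():
        print(ip, row)
```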
 