BFM "bad login/username" list for immediate blocking

Zhenyapan

Zhenyapan

Verified User
Joined
Feb 23, 2018
Messages
2,328
Location
UA
Hello,

Can we create some list of logins/usernames to block attempts to connect immediately?
For example I'm receiving a lot of messages from BFM like:
Brute-Force Attack detected in service log on User(s) anonymous
"User anonymous has 18041 failed login attempts: exim2=66 & proftpd1=17975"
I don't have such user so why not block immediately IP from which this request was, and another popular names such as "administrator, host, server, user" etc.
And I want to be able to edit this list :)
Thanks.
 
Yes, like the forbidden domains list but then for usernames. Good idea.
Might be best to suggest that in the feedback forum.
 
For smaller servers a whitelist for usernames would be more beneficial I think.
At least, on my server with just some 30-40 users, I roughly know who's logging in with email, ftp or wordpress for instance. Every other log-in attempt can be blocked rightaway.
 
BBM said:
would be more beneficial I think.
Click to expand...
I don't know for sure. Users can create ftp users and e-mail accounts themselves with all kinds of names. If you work the other way around like you say, so whitelisting instead of blacklisting names, it takes a lot more support or monitoring to get the newly created names into the whitelist, doesn't it?
Just some food for thought...
 
  • Like
Reactions: BBM
True. I was thinking too much on my own situation, where hardly none of my clients have access to their DA-panel (most aren't too saffy enough).
 
Wordfence (WordPress) has something like this and that works really well. Whitelist / blacklist and a setting to block non existing usernames attempts. Would be nice to have this in DA.
 
You must log in or register to reply here.
Back
Top