brute force attacks

Awd · Dec 21, 2017

Hi,

I get a huge brute force attacks on one specific email user (the specific email does not exist),

Brute-Force Attack detected in service log on User(s) rshort, [email protected].
The email is needed, but is there a way to block the non-existing user directly, to keep it more clean?

The attacks comes all from different ip´s so blocking all the ip´s doesn´t seem a solution.

Anyone an idea?

Kind regards,
Fred

Richard G · Dec 21, 2017

I wouldn't bother about it. Just have CSF/LFD installed and let them block the abusers after some tries. It's not a lot of use because even if you would block this email address, you can bet your money they will launch a distributed brute force on another address soon.
It's best just to wait until it flows over. Logfiles will be rotated and deleted so the issue will dissapear at a certain moment.

zEitEr · Dec 21, 2017

Hello,

Probably disable notifications?

- I trust my brute force attack blocking system, I don't need to see all of the BFM messages.
https://help.directadmin.com/item.php?id=549

brute force attacks

Awd

Verified User

Richard G

Verified User

zEitEr

Super Moderator