Brute Force Attacks and settings

MaltaCode

Hello,

I have this strange thing that happens, perhaps I don't understand this correctly from the documentation, so hoping someone here can help me understand what I can do.

Here are my brute force settings:


Screenshot.png


Now I get attacked very often on this, I guess that's the time we live in, like every five minutes, I have been attacked many times. Reading the logs, I am a bit confused, as some attacks are made thousands of times, while I am under the impression that after five login attempts, the attacker will be blocked according to my settings. Here is a recent one with 737 login attempts. I have many like this every day.


Screenshot 1.png


So what did I set wrong? Or what do I not understand? Hope someone can help me out.

Kind regards,
Dick.
 
Those are the settings for the DA panel login.
I advise lowering the amount of Notify Admin after login (user+ip) failures from 100 to, let's say, 10 or so.

More info here : https://docs.directadmin.com/directadmin/general-usage/securing-with-bfm.html
Thank you, I have read that documentation but if I lower the Notify Admin after login (user+ip) failures to 10 wouldn't my message system be cluttered much more with these notifications?

The goal I would like to achieve is that if a user that tries to log in fails 5 times they will be blacklisted, now they can try to log in hundreds/thousands of times without being blacklisted. If they are ever blacklisted at all...
 
failures to 10 wouldn't my message system be cluttered much more with these notifications?

My experience is not, but I have to admit we are using several blocklists in our CSF configuration, so most of them can't even reach our servers.
 
My experience is not, but I have to admit we are using several blocklists beforehand in our CSF configuration, so most of them can't even reach our servers.
Thank you again. I am also using CSF, so can you tell me what blocklists you are using so I can set them too?
Anything that will help prevent this time-wasting idiotic bfa I would happily apply to my setup ;-)
 
You can start with AbuseIPDB (https://www.abuseipdb.com/); you can find the how-to for CSF here: https://www.abuseipdb.com/csf
I strongly recommend taking part in the reporting so that we can have a better filter system.
I am outside now and have no access to our servers, but I will edit my comment with the rest of the blocklists.
Thank you, I have set this up, and it's working. Of course, I will share ;-)
 