Hi, I have set the following security settings:
Any logical person would deduct that such configuration will block any IP after 10 failed login attemps. Therefore, NO IP will ever get more than 10 failed login attemps. Good, that's a secure server, I love Direct Admin, and so on.
Yet I am receving dozens of emails per hour with the subject:
My question is, exactly what for are the so called Security settings there if the are absolutely ignored?
And how do I really, actually get to block these brute force attacks to have some peace and get rid of DA notification Emails every few minutes? Thanks in advance.
Code:
Blacklist IPs for excessive DA login attemps: [B]Yes[/B], after [B]10 [/B]attemps
Time before failed login count resets: [B]3600 [/B]seconds
Remove an IP from the blacklist after: [B]0[/B] (means never)
Parse service logs for brute force attacks: [B]Yes[/B]
Reset count of IP/User failed attempts: [B]72 [/B]hours after last attempt.
Clear failed login attempts from log: [B]7[/B] days after entry was made.Any logical person would deduct that such configuration will block any IP after 10 failed login attemps. Therefore, NO IP will ever get more than 10 failed login attemps. Good, that's a secure server, I love Direct Admin, and so on.
Yet I am receving dozens of emails per hour with the subject:
Code:
New Message: Brute-Force Attack detected in service log from IP(s) 162.212.124.149My question is, exactly what for are the so called Security settings there if the are absolutely ignored?
And how do I really, actually get to block these brute force attacks to have some peace and get rid of DA notification Emails every few minutes? Thanks in advance.