Brute Force

[plesk002]

Dear All,

I have enabled Parse service logs for brute force attacks in my directadmin, and it already works with my csf ( i have checked, it is banned )...

But in Brute Force Monitor , i can see the hacker still trying to scan over 50 times....is it possible to set the limit like if failed 10 times, it will block itself


IP Login Failures First Last Notified Blocked IP Info Select
59.xx.xx.88 150 Jul 25 17:40 Jul 25 17:40 Yes Yes IP Info
121.xx.xx.106 78 Jul 25 17:58 Jul 25 18:01 No No IP Info
59.xx.xx.66 75 Jul 25 17:40 Jul 25 17:40 No No IP Info
59.xx.xx.67 75 Jul 25 17:58 Jul 25 18:01 No No IP Info

 

[Richard G]

Have you set the option "Blacklist IPs for excessive DA login attempts " to 10 under /CMD_ADMIN_SETTINGS already? This will help blocking logins to DA too.

 

[plesk002]

Thanks for your reply..

may i ask that, is it possible to ban immediately if the email account name does not exit on the server ?

because someone trying to scanning with my server from different ip...( only try 1 time to hacking then change another ip )....

it is not possible to ban this kind of attack......but the username does not exit from my server

 

[Richard G]

It might be done maybe via some log file and a custom regexp for CSF. But unfortunately I don't know how to create such regexp.
Next to that, best practice is to not ban for an unlimited amound of time, because the more bans, the more iptables lines which can east up some resources. Mostly these kind of scans will dissapear after some time.
It's irritating, but it will go away. They all come and go.