tickets about brute force attacks

[Itachi]

Hi,
I get a lot of tickets like
subject:
Brute-Force Attack detected in service log from IP(s) 185.222.209.14, 91.200.12.174, 91.200.12.218

content:
A brute force attack has been detected in one of your service logs.

IP 185.222.209.14 has 650 failed login attempts: exim2=650
IP 91.200.12.174 has 335 failed login attempts: exim2=335
IP 91.200.12.218 has 339 failed login attempts: exim2=339

Check 'Admin Level -> Brute Force Monitor' for more information



with the same ip, why the system don't block them?
how can I stop it? or how to stop the tickets created about that?

thank you.

 

[Richard G]

There are some choices about these notices.

Securing DirectAdmin | Directadmin Docs

DirectAdmin Knowledge Base

help.directadmin.com

So really disabling all the messages and e-mails but keep the brute foce monitoring in place, add this to your directadmin.conf file:
hide_brute_force_notifications=1
and restart directadmin.

with the same ip, why the system don't block them?

If I'm not mistaken they are temp blocked and the count is incremental, so you see the total. Not 100% about this.

 

[Itachi]

Hi,
I get a lot of tickets like
subject:
Brute-Force Attack detected in service log from IP(s) 185.222.209.14, 91.200.12.174, 91.200.12.218

content:
A brute force attack has been detected in one of your service logs.

IP 185.222.209.14 has 650 failed login attempts: exim2=650
IP 91.200.12.174 has 335 failed login attempts: exim2=335
IP 91.200.12.218 has 339 failed login attempts: exim2=339

Check 'Admin Level -> Brute Force Monitor' for more information



with the same ip, why the system don't block them?
how can I stop it? or how to stop the tickets created about that?

thank you.

Mobdro Kodi
my issue has been solved