Why do I get "Brute-Force Attack detected" if I have a custom script for whitelisted IPs?

Luke

Hello, why do I get these http://puu.sh/pzfkJ/e9ee249155.png notifications even if I'm blocking these invalid IPs? My script is:

login_pre.sh

Code:
#!/usr/local/bin/php
<?php

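// Login name and client address are read from the environment
$user = getenv('username');
$ip = getenv('ip');

// Not used below
$my_ip = "**.**";

if ($user == 'demo_user' || $user == 'demo_reseller' || $user == 'demo_admin')
{
        // not worried about demos
        exit(0);
}

// Reject the login unless it comes from one of the two allowed addresses
if ($ip != "**.**" && $ip != "**.**")
{
        echo "Invalid IP";
        exit(1);
}

// Allowed address: let the login proceed
exit(0);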

?>

**.** are just hidden IPs.
 
And are all those notifications related to DA login? Are you sure they are not related to SSH/POP/IMAP/SMTP?

My opinion is that all of those are SSH attempts; your login_pre.sh script is just for DA login.

Regards
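
Added example, not part of either post: a Python way to run the check the reply suggests, tallying failed logins per service so SSH/POP/IMAP/SMTP attempts can be told apart from DA logins that login_pre.sh would have rejected. The log lines are constructed samples in common sshd, Dovecot and Exim formats and the function names are illustrative; the actual log files and formats on a given server are assumptions to verify.

```python
import re
from collections import Counter, defaultdict

# Constructed sample lines in the usual sshd, Dovecot and Exim formats.
# They are not taken from the thread; addresses are documentation ranges.
SAMPLE_LOG = """\
Jun 20 10:01:02 host sshd[1201]: Failed password for invalid user admin from 203.0.113.7 port 40122 ssh2
Jun 20 10:01:05 host sshd[1203]: Failed password for root from 203.0.113.7 port 40130 ssh2
Jun 20 10:02:11 host dovecot: imap-login: Disconnected (auth failed, 1 attempts in 2 secs): user=<info>, method=PLAIN, rip=198.51.100.9, lip=192.0.2.1
Jun 20 10:02:40 host dovecot: pop3-login: Aborted login (auth failed, 2 attempts in 4 secs): user=<sales>, method=PLAIN, rip=198.51.100.9, lip=192.0.2.1
2016-06-20 10:03:00 dovecot_login authenticator failed for (User) [203.0.113.7]: 535 Incorrect authentication data (set_id=test)
Jun 20 10:04:00 host sshd[1210]: Accepted password for luke from 192.0.2.50 port 51000 ssh2
"""

# One pattern per service; group 1 captures the remote address.
PATTERNS = {
    "ssh": re.compile(r"sshd\[\d+\]: Failed password for (?:invalid user )?\S+ from (\S+)"),
    "imap": re.compile(r"imap-login: .*auth failed.*rip=([^,\s]+)"),
    "pop3": re.compile(r"pop3-login: .*auth failed.*rip=([^,\s]+)"),
    "smtp": re.compile(r"authenticator failed for .*?\[([^\]]+)\]"),
}


def failed_logins_by_service(log_text):
    """Return {service: Counter({ip: failures})} for every matching line."""
    hits = defaultdict(Counter)
    for line in log_text.splitlines():
        for service, pattern in PATTERNS.items():
            match = pattern.search(line)
            if match:
                hits[service][match.group(1)] += 1
                break
    return dict(hits)


def outside_allowlist(hits, allowed_ips):
    """Total failures per service from addresses not on the allowlist."""
    return {
        service: sum(n for ip, n in counter.items() if ip not in allowed_ips)
        for service, counter in hits.items()
    }


if __name__ == "__main__":
    hits = failed_logins_by_service(SAMPLE_LOG)
    for service, total in sorted(outside_allowlist(hits, {"192.0.2.50"}).items()):
        print(f"{service}: {total} failed logins from non-allowlisted IPs")
```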
 