12

BFM "bad login/username" list for immediate blocking


Z
Zhenyapan

Hello,

Can we create some list of logins/usernames to block attempts to connect immediately?
For example I'm receiving a lot of messages from BFM like:
Brute-Force Attack detected in service log on User(s) anonymous
"User anonymous has 18041 failed login attempts: exim2=66 & proftpd1=17975"
I don't have such user so why not block immediately IP from which this request was, and another popular names such as "administrator, host, server, user" etc.
And I want to be able to edit this list :)
Thanks.
----
forum: forum.directadmin.com/threads/bfm-bad-login-username-list-for-immediate-blocking.66124/#post-346630

A

Activity Newest / Oldest

Avatar

Roman Mazur

We need a BFM action hook call in scripts/custom when BFM event is triggered. Make this and we take care of the rest.


E

Erulezz

Wordfence (WordPress) has something like this and that works really well. Whitelist / blacklist and a setting to block non existing usernames attempts. Would be nice to have this in DA.