Can we create some list of logins/usernames to block attempts to connect immediately?
For example I'm receiving a lot of messages from BFM like:
Brute-Force Attack detected in service log on User(s) anonymous
"User anonymous has 18041 failed login attempts: exim2=66 & proftpd1=17975"
I don't have such user so why not block immediately IP from which this request was, and another popular names such as "administrator, host, server, user" etc.
And I want to be able to edit this list :)
We need a BFM action hook call in scripts/custom when BFM event is triggered. Make this and we take care of the rest.
Wordfence (WordPress) has something like this and that works really well. Whitelist / blacklist and a setting to block non existing usernames attempts. Would be nice to have this in DA.