Block IP after x attempts but only with x different password attempts
Posted: 06 Dec 2015, 10:37
Hi,
Is it possible to distinguish between real hacking attempts where a series of passwords is tried and a user who has input a wrong password in their mail program?
I have business clients that travel all the time and work together out of different venues each time.
Outlook for mac has the annoying habit of suggesting that the password might be wrong each time there is any issue with the connection. So my user tries to input the password again and sometimes messes up and gets her entire team blocked using the ip from that venue.
The solution I came up with is counting a repeated failed user/password combination as only one auth attempt, as I see no harm in allowing the same wrong combination to be repeatedly tried (and refused).
So instead of being blocked by csf after 10 failed attempts one would only get blocked after trying 10 different passwords which seems to me the logical way to deal with this.
But is this possible in csf?
Kind regards,
Dave
Is it possible to distinguish between real hacking attempts where a series of passwords is tried and a user who has input a wrong password in their mail program?
I have business clients that travel all the time and work together out of different venues each time.
Outlook for mac has the annoying habit of suggesting that the password might be wrong each time there is any issue with the connection. So my user tries to input the password again and sometimes messes up and gets her entire team blocked using the ip from that venue.
The solution I came up with is counting a repeated failed user/password combination as only one auth attempt, as I see no harm in allowing the same wrong combination to be repeatedly tried (and refused).
So instead of being blocked by csf after 10 failed attempts one would only get blocked after trying 10 different passwords which seems to me the logical way to deal with this.
But is this possible in csf?
Kind regards,
Dave