“Brute Force” IP Lockout Time

  • Resolved psamathe

    (@psamathe)


    7 years, 7 months ago

    I’ve set the “Amount of time a user is locked out” to 1 day. I’ve added a load of “Immediately block the IP of users who try to sign in as these usernames“. When hackers are attempting one of the “Immediately lockout …” usernames they are blocked but only for 30 mins NOT for the configured Lockout time. This gives them “another go” after a short time …..

    • This topic was modified 7 years, 7 months ago by psamathe.
Viewing 2 replies - 1 through 2 (of 2 total)
  • wfdave

    (@wfdave)

    7 years, 7 months ago

    Hi @psamathe,

    Please change the field How long is an IP address blocked when it breaks a rule found under Rate Limiting.

    If you change that field, it will the amount of time a user is blocked when they use a blacklisted username.

    Note that the option reads “Immediately block the IP address” so that mean it uses the “How long an IP is blocked for” time field.

    Dave

    Thread Starter psamathe

    (@psamathe)

    7 years, 7 months ago

    Many thanks. Somewhat confusing that the lock-out timers in the Brute Force section are not applied to some of the Brute Force settings but timers from a different section used.

Viewing 2 replies - 1 through 2 (of 2 total)

The topic ‘“Brute Force” IP Lockout Time’ is closed to new replies.