How can I block distributed brute force attacks to a specific account coming from multiple IP addressses?

Distributed Attack Tracking

Enable the tracking of login failures from distributed IP addresses to a specific application account. If the number of failures matches the application trigger then all of the IP addresses involved in the attack will be blocked. Tracking applies to LF_SSHD, LF_FTPD, LF_SMTPAUTH, LF_POP3D, LF_IMAPD, LF_HTACCESS.

  1. Navigate to Juggernaut Firewall -> Settings -> Login Failure Daemon -> Tracking Settings -> Distributed Attack Tracking.
  2. Check the Distributed attack tracking and set the desired Distributed attack trigger.
  3. Click the Update button to save your settings.
  4. Click the Restart button to restart the firewall and login failure daemon.

  • distributed, brute force, attacks
  • 0 Users Found This Useful
Was this answer helpful?

Related Articles

How can I raise the open file limit for the login failure daemon?

The login failure daemon can crash if you are monitoring a lot of domains in Plesk and are...

How can I test to make sure that the OS has all the required kernel modules required for Juggernaut Firewall?

Test from the Juggernaut Extension You can run the firewall test by going to Juggernaut Firewall...

How can I adjust the attack triggers used by the login failure daemon?

To Adjust Login Failure Triggers Navigate to Juggernaut Firewall -> Settings -> Login...

Where are the configuration files for Juggernaut Firewall located?

Configuration files are located in the /etc/csf/ directory with the main firewall configuration...

How can I use Juggernaut Firewall to monitor a list of directories?

Enter the Directories You Want To Monitor Navigate to Juggernaut Firewall -> Settings ->...