Distributed FTP Tracking
Keep track of successful FTP logins. If the number of successful logins to an individual account is at least LF_DISTFTP in LF_INTERVAL from at least LF_DISTFTP_UNIQ IP addresses, then all of the IP addresses will be blocked.
- Navigate to Juggernaut Firewall -> Settings -> Login Failure Daemon -> Tracking Settings -> Distributed Attack Tracking.
- Check the Distributed FTP limit and set the desired Distributed FTP trigger.
- Click the Update button to save your settings.
- Click the Restart button to restart the firewall and login failure daemon.
Distributed SMTP Tracking
Keep track of successful SMTP logins (Postfix only). If the number of successful logins to an individual account is at least LF_DISTSMTP in LF_DIST_INTERVAL from at least LF_DISTSMTP_UNIQ IP addresses, then all of the IP addresses will be blocked. This option can help mitigate the common SMTP account compromise attacks that use a distributed network of zombies to send spam. A sensible setting for this might be 5, depending on how many different IP addresses you expect to log in to an individual SMTP account within LF_DIST_INTERVAL. Be careful with this setting: if you have third-party email services set up to relay email through your own server, their servers will likely get blocked (e.g. if Gmail users are relaying through your server).
- Navigate to Juggernaut Firewall -> Settings -> Login Failure Daemon -> Tracking Settings -> Distributed Attack Tracking.
- Check the Distributed SMTP limit and set the desired Distributed SMTP trigger.
- Click the Update button to save your settings.
- Click the Restart button to restart the firewall and login failure daemon.
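The trigger rule described above, worked through as an added example (this is not Juggernaut or lfd code). It assumes Postfix log lines with ISO 8601 timestamps; the values chosen for LF_DISTSMTP_UNIQ and LF_DIST_INTERVAL, the function names and all log lines are constructed for illustration. The FTP rule has the same shape with FTP login lines.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Assumed example values; the names mirror the settings described above.
LF_DISTSMTP = 5          # successful logins to one account that trigger a block
LF_DISTSMTP_UNIQ = 3     # minimum distinct source IPs among those logins
LF_DIST_INTERVAL = 300   # tracking window in seconds

# Postfix logs a successful SASL login on the smtpd "client=" line.
SASL_OK = re.compile(
    r"^(?P<ts>\S+) \S+ postfix/\S*smtpd\[\d+\]: \w+: "
    r"client=\S*\[(?P<ip>[0-9a-fA-F.:]+)\], sasl_method=\S+, "
    r"sasl_username=(?P<user>\S+)$"
)

def distributed_logins(lines, limit=LF_DISTSMTP, uniq=LF_DISTSMTP_UNIQ,
                       interval=LF_DIST_INTERVAL):
    """Return {account: set of IPs to block} for accounts that cross both limits."""
    recent = defaultdict(deque)   # account -> (epoch, ip) pairs inside the window
    blocked = defaultdict(set)
    for line in lines:
        m = SASL_OK.match(line)
        if not m:
            continue              # not a successful SMTP AUTH line
        now = datetime.fromisoformat(m["ts"]).timestamp()
        window = recent[m["user"]]
        window.append((now, m["ip"]))
        while window and now - window[0][0] > interval:
            window.popleft()      # expire logins older than the interval
        ips = {ip for _, ip in window}
        if len(window) >= limit and len(ips) >= uniq:
            blocked[m["user"]] |= ips   # every IP in the window is blocked
    return dict(blocked)

def sample(user, ips, start="2024-05-01T10:00:00", step=20):
    """Build constructed log lines: one login per IP, `step` seconds apart."""
    t0 = datetime.fromisoformat(start).timestamp()
    return [f"{datetime.fromtimestamp(t0 + i * step).isoformat()} mail "
            f"postfix/smtpd[4321]: 4F1A2B3C4D: client=unknown[{ip}], "
            f"sasl_method=LOGIN, sasl_username={user}" for i, ip in enumerate(ips)]

# Constructed input (documentation address ranges).
SPREAD = sample("info@example.com", ["203.0.113.%d" % n for n in (10, 11, 12, 13, 14)])
ONE_CLIENT = sample("bob@example.com", ["198.51.100.7"] * 8)
RELAY = sample("carol@example.com", ["192.0.2.%d" % n for n in (1, 2, 3, 1, 2)])
```

SPREAD trips the rule and ONE_CLIENT does not, however many times it logs in. RELAY is the third-party relay case from the warning above: a legitimate user whose mail arrives through three provider addresses gets all three blocked.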