How can I block distributed brute force attacks to a specific account coming from multiple IP addressses?

Distributed Attack Tracking

Enable the tracking of login failures from distributed IP addresses to a specific application account. If the number of failures matches the application trigger then all of the IP addresses involved in the attack will be blocked. Tracking applies to LF_SSHD, LF_FTPD, LF_SMTPAUTH, LF_POP3D, LF_IMAPD, LF_HTACCESS.

  1. Navigate to Juggernaut Firewall -> Settings -> Login Failure Daemon -> Tracking Settings -> Distributed Attack Tracking.
  2. Check the Distributed attack tracking and set the desired Distributed attack trigger.
  3. Click the Update button to save your settings.
  4. Click the Restart button to restart the firewall and login failure daemon.

  • distributed, brute force, attacks
  • 0 Users Found This Useful
Was this answer helpful?

Related Articles

How can I test to make sure that the OS has all the required kernel modules required for Juggernaut Firewall?

Test from the Juggernaut Extension You can run the firewall test by going to Juggernaut Firewall...

How can I adjust the attack triggers used by the login failure daemon?

To Adjust Login Failure Triggers Navigate to Juggernaut Firewall -> Settings -> Login...

Where are the configuration files for Juggernaut Firewall located?

Configuration files are located in the /etc/csf/ directory with the main firewall configuration...

How can I use Juggernaut Firewall to monitor a list of directories?

Enter the Directories You Want To Monitor Navigate to Juggernaut Firewall -> Settings ->...

How can I change the interface language of the extension?

You can change the interface language under Settings -> Application Settings -> Locale...