Feature request: owner email notification when brute attack / IP blocked


#1

Hello,

I recently had my IP blocked by security software thinking it could be a brute force attach due to an incorrect password entered (Filezilla had a cached password on a site I was not even interacting with which further confused the issue).

I was in the middle of downloading two sites quite successful and then all of a sudden my websites appeared down, at least from the perspective of a web browser. I could ping all my sites, which confused me since a web browser was telling me otherwise. I did not think about traceroute at the time since it seemed my sites were up. Not realizing my IP was blocked, I even tried to SSH/Telnet without success. Finally I contacted support to report my sites were down. My site came up on its own or at least appeared so and so when I got a reply from support informing me of the IP block I asked about email notification for such things and was told it does not yet exist.

I’m thinking that a nice feature to add would be site owner email notification when it seems that a brute force was detected.


#2

This is an interesting one… I can see the value in your specific case, although I wonder how much value such notification would be when there are hundreds of brute force attacks per minute :frowning:


#3

I don’t mean to send an email for each and every log entry. Just one for each unique IP that triggers the block. This should be fairly easy to implement programatically and could be an opt-in request for site owners.

I’m rather surprised it’s not already in place.


#4

I wasn’t clear, sorry. There are hundreds of IPs blocked per minute on many servers; the brute-force attempts are a lot more than that per minute. Depending on where your site is hosted, the amount of notifications could be quickly unbearable.


#5

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.