Ability to automatically add Dos Notification IP address to blacklists
Idea shared by Jon Eastwood - November 4, 2014 at 2:32 PM
Under Consideration
I have dos notifications set up and I get such emails on a regular basis:
 
Abuse detection rule SMTP Password Brute Force Protection (BruteForceBySession) has been triggered by xxx.xxx.xxx.xxx
 
and 
 
Abuse detection rule Denial of Service - POP 50 in 10Min (DenialOfService) has been triggered by xxx.xxx.xxx.xxx
 
is there not such a way that instead of gettign these emaisl I can simply if they fire they add the ip address reported in the email added to the black list to stop it?
 
make sense?
 

2 Replies

Reply to Thread
0
Robert Emmett Replied
Employee Post
Currently, whenever a DOS or password brute force attempts are detected, the offending IP by protocol are temporary blocked (or blacklisted) for the specified minutes in "Time to Block."
 
Are you wanting an option to permanently add the IP to the blacklist?
Robert Emmett
Software Developer
SmarterTools Inc.
(877) 357-6278
www.smartertools.com
0
Robert Emmett Replied
Employee Post
yes please
btw - where is the time to block setting I forget
 
I will add this to our feature request list for further consideration with the dev team.  As for the "Time to Block" setting, it is under System Admin -> Security -> Advanced Settings -> Abuse Detection. All of the abuse detection types have that field available.
Robert Emmett
Software Developer
SmarterTools Inc.
(877) 357-6278
www.smartertools.com

Reply to Thread