Ability to automatically add Dos Notification IP address to blacklists
Idea shared by Jon Eastwood - November 4, 2014 at 2:32 PM
Under Consideration
I have dos notifications set up and I get such emails on a regular basis:
 
Abuse detection rule SMTP Password Brute Force Protection (BruteForceBySession) has been triggered by xxx.xxx.xxx.xxx
 
and 
 
Abuse detection rule Denial of Service - POP 50 in 10Min (DenialOfService) has been triggered by xxx.xxx.xxx.xxx
 
is there not such a way that instead of gettign these emaisl I can simply if they fire they add the ip address reported in the email added to the black list to stop it?
 
make sense?
 

4 Replies

Reply to Thread
0
Currently, whenever a DOS or password brute force attempts are detected, the offending IP by protocol are temporary blocked (or blacklisted) for the specified minutes in "Time to Block."
 
Are you wanting an option to permanently add the IP to the blacklist?
Robert Emmett
Software Developer
SmarterTools Inc.
(877) 357-6278
www.smartertools.com
0
yes please
btw - where is the time to block setting I forget
0
yes please
btw - where is the time to block setting I forget
 
I will add this to our feature request list for further consideration with the dev team.  As for the "Time to Block" setting, it is under System Admin -> Security -> Advanced Settings -> Abuse Detection. All of the abuse detection types have that field available.
Robert Emmett
Software Developer
SmarterTools Inc.
(877) 357-6278
www.smartertools.com
0
Hi Robert, I posted a question yesterday about whether it is possible to determine if there was a way to determine the source IP address of any DoS's that are identified in the Abuse Detection reports, but so far I haven't had anyone get back to me with an answer so I though I would ask here seeing as this is a related topic that has been engaged by a ST employee. I have tried to look in the logs but with so much to wade through I couldn't find anything obvious so just wanted to know if it was possible to track DoS causing IPs down in any way or not with SM 13.x?

Reply to Thread