In our server logs I am seeing thousands of "Authentication failed" But these are not for our users that are forgetting their passwords, these are people trying to log in with accounts that do not even exist, or accounts that did exist at one point, but have since been deleted. The same IP addresses are trying dozens of random user names to try to get one that works. They try one or 2, drop connection, then maybe several hours later try again, or try from a different IP address. This tactic is bypassing our brute force filter - which I thought i set pretty aggressive at : 2 failures in 240 minutes, to ban for 3 months.
What I would like to see is. If an IP address tries to authenticate with a user account that does not exist, It is immediately banned.
www.HawaiianHope.org - Providing technology services to non profit organizations, homeless shelters, clean and sober houses and prisoner reentry programs. To date we have given away over 1,000 free computers.