Log alerts security improvement for brute force password hack - preventative
Idea shared by Jason N. - 8/23/2020 at 9:21 AM
I'd like to suggest that SM add a type of feature to notify a specific user or group of potential hacking attempts. SM's security is limited in the sense that there are the brute force rules, but hackers are very smart nowadays: they game your email system, figure out your threshold, and continue to attempt brute force attacks without triggering your rules.

For example, when looking at the logs, look for authenticated failures; you'll see a lot of IPs that fail 1-2 times a day or 1-2 times a week... Export those logs, use Notepad++ or your editor of choice, and do a search for an IP and see how many times that IP has been trying to access your system. Over time, because they're in it for the long haul, you'll start to see 1000, 6000, a few hundred attempts... and by golly, one day, you'll get a call from your customer: "I've been hacked!"

It's a simple way to be alerted, verify, and do something about it. It's short of any AI or any advanced algos, but it's a good start.
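
The manual export-and-search described in this post can be scripted. The following is an added example, not part of the original post and not SmarterMail code; the log line format, thresholds and function names are assumptions constructed for illustration. It flags sources that stay under a per-day blocking rule while accumulating failures over many days.

```python
import re
from collections import defaultdict
from datetime import date, timedelta

# Constructed line format (an assumption, not SmarterMail's actual log layout):
#   2020-08-01 03:14:07 [203.0.113.7] Authentication failed for user: bob
LINE_RE = re.compile(r"^(\d{4})-(\d{2})-(\d{2}) \S+ \[([0-9a-fA-F.:]+)\] Authentication failed")

def slow_offenders(lines, per_day_rule=5, min_total=20, min_days=7):
    """Return {ip: (total, active_days, peak_per_day)} for sources that never
    reach the per-day blocking rule yet pile up failures over many days."""
    daily = defaultdict(lambda: defaultdict(int))
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not an authentication failure line
        y, mo, d, ip = m.groups()
        daily[ip][date(int(y), int(mo), int(d))] += 1
    report = {}
    for ip, days in daily.items():
        total, peak = sum(days.values()), max(days.values())
        if peak < per_day_rule and total >= min_total and len(days) >= min_days:
            report[ip] = (total, len(days), peak)
    return report

def build_sample():
    """Constructed sample: one slow source, one noisy source, one mistyping user."""
    out, start = [], date(2020, 7, 1)
    for i in range(30):  # 2 failures a day for 30 days: 60 total, peak 2
        day = start + timedelta(days=i)
        out += [f"{day} 03:1{n}:00 [203.0.113.7] Authentication failed for user: bob"
                for n in range(2)]
    # 40 failures in one day: a per-day rule of 5 already catches this source
    out += [f"2020-07-10 09:00:{s:02d} [198.51.100.9] Authentication failed for user: amy"
            for s in range(40)]
    # 3 failures in total: a real user mistyping a password
    out += [f"2020-07-0{d} 08:00:00 [192.0.2.44] Authentication failed for user: joe"
            for d in (1, 2, 3)]
    out.append("2020-07-11 10:00:00 [192.0.2.44] Login successful for user: joe")
    return out

if __name__ == "__main__":
    for ip, (total, days, peak) in slow_offenders(build_sample()).items():
        print(f"ALERT {ip}: {total} failures over {days} days, peak {peak}/day")
```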
