I've set up certain rules and limits on those rules.
But I had a client who keeps getting locked out, as he has a few staff that login to the same account, generally at the same time to check emails.
This triggers the "Password Brute Force by Email", or it may be that a hacker is causing this issue?
The issue I have is that I went in to check today what the rules were set to and there were 6 new rules for "Password Brute Force by Email" set. Now I'm pretty sure I only set one of those.
1) Do they actually get set up based on activity, or should there only have been my 1 that I set up?
There are also 7 "Password Retrieval Brute Force" setup (all with the same settings).
2) Surely there only needs to be one of those rules (if they are all the same)?