How to auto-ban ip addresses after trying to login with 'admin'?

  • Q-collective

    (@q-collective)


    11 years ago

    The title says it all really: I have Limit Login Attempts installed and I get tons of mails where bots try to login with ‘admin’, a non-existing account.

    Currently they are banned for 20 minutes from logging in after 4 wrong tries and, if that happens again, 24 hours. But since the admin account doesn’t exist and since those consist the bulk of bots trying to login, I kinda just want to say “oh, so you’re trying to login with ‘admin’ at all?” *perma-ban*.

    Is this possible?

Viewing 5 replies - 1 through 5 (of 5 total)
  • Andrew Nevins

    (@anevins)

    WCLDN 2018 Contributor | Volunteer support

    What would you do to differentiate between your legitimate logins and other people? Are you always going to be using the same IP?

    Thread Starter Q-collective

    (@q-collective)

    Why would I need to differentiate? There is no ‘admin’ account, so all attempted logins are false. Also, I’m not sure why my ip address would matter?

    Andrew Nevins

    (@anevins)

    WCLDN 2018 Contributor | Volunteer support

    Oh okay. If you were using the ‘admin’ username your IP address may be something to help differentiate, that was where I was heading.

    Thread Starter Q-collective

    (@q-collective)

    So, is this possible?

    I do exactly this but at server level using fail2ban. I have a growing list of banned addresses.

Viewing 5 replies - 1 through 5 (of 5 total)
  • The topic ‘How to auto-ban ip addresses after trying to login with 'admin'?’ is closed to new replies.