How does IP blocking work for suspicious activities?

  • Resolved luminsol

    (@luminsol)


    5 years, 8 months ago

    Hi, this is a great plugin.

    I have a question about the blocking of IPs after suspicious activities have been detected (e.g. php probing).

    Does the block duration follow the settings in the Limit Login Attempts settings? Or does it have its own non configurable settings?

Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Author gioni

    (@gioni)

    Hi!

    Does the block duration follow the settings in the Limit Login Attempts settings?

    That’s correct for most malicious/suspicious activities. I think in the future, there will be a separate setting.

    Regarding “Probing for vulnerable PHP code”: the behavior is the same as above if “Enable traffic inspection” is set to “Maximum compatibility”. If it’s set to “Maximum security”, Cerber denies such requests and blocks IP addresses immediately.

    Thread Starter luminsol

    (@luminsol)

    Thank you for the reply.

    I hope you can implement a separate setting in the future. I would like to block those malicious requests for longer than login failures.

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘How does IP blocking work for suspicious activities?’ is closed to new replies.

Tags