BFM ignore attempts on suspended accounts

Version 1.46


If a DirectAdmin User account, E-Mail account or FTP account is suspended, any attempts on those accounts will be ignored by the brute force monitor if this option is enabled:

brute_force_ignore_attempts_on_suspended=1

The internal default value is 1, so it's enabled by default.

The feature knows which service is used, based on the filter match from the brute_filters.list, so it can figure out where to check the data. Namely one of:

/etc/virtual/
/etc/proftpd.passwd
or the password crypt from the system call to: getspnam (FreeBSD: getpwnam)

------

After coding it, I noticed that Dovecot already accounts for this, so this feature is somewhat redundant/non-applicable for dovecot, as the logs for dovecot for a suspended account look like this:

imap-login: Aborted login (user disabled)

while a failed password login on a non-suspended account looks like:

imap-login: Aborted login (auth failed, 1 attempts in 4 secs)

so the filter wouldn't pick up the case for the suspended account anyway... But should you get an "auth failed" (possibly an older version of dovecot), then this feature would work normally for that case, and ignore the entry if suspended.

------

Aside from that, this will apply to the other areas: sshd, exim, and proftpd/pure-ftpd.

------

You may need to use this option to use the !password method of suspension, rather than the domain.com_off suspension:
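The following is an added example, not DirectAdmin's own code and not the option the preceding sentence refers to. It sketches the ignore decision described on this page for the Dovecot case: only "auth failed" lines count, and those are skipped when the account is suspended. Assumptions: a passwd-style `user:crypt` file where a crypt starting with `!` means suspended, plus constructed log lines, usernames and IP addresses; all function names are hypothetical.

```python
import re
from collections import Counter

# Constructed passwd-style data ("user:crypt"). Assumption: a crypt that starts
# with "!" marks an account suspended via the "!password" method.
SAMPLE_PASSWD = """\
alice:$6$constructed$hashA
bob:!$6$constructed$hashB
"""

# Constructed Dovecot-style lines built around the two messages quoted above.
SAMPLE_LOG = [
    "imap-login: Aborted login (auth failed, 1 attempts in 4 secs): user=<alice>, rip=203.0.113.5",
    "imap-login: Aborted login (user disabled): user=<bob>, rip=203.0.113.9",
    "imap-login: Aborted login (auth failed, 1 attempts in 4 secs): user=<bob>, rip=203.0.113.9",
    "imap-login: Aborted login (auth failed, 2 attempts in 9 secs): user=<alice>, rip=203.0.113.5",
]

LOGIN_RE = re.compile(
    r"Aborted login \((?P<reason>[^)]*)\): user=<(?P<user>[^>]*)>.*?rip=(?P<ip>[0-9a-fA-F.:]+)"
)


def suspended_users(passwd_text):
    """Return the set of users whose crypt field begins with '!'."""
    users = set()
    for line in passwd_text.splitlines():
        name, sep, crypt = line.partition(":")
        if sep and crypt.startswith("!"):
            users.add(name)
    return users


def count_attempts(log_lines, suspended, ignore_suspended=True):
    """Count failed logins per source IP, mirroring the ignore option."""
    counts = Counter()
    for line in log_lines:
        m = LOGIN_RE.search(line)
        if not m or not m.group("reason").startswith("auth failed"):
            continue  # "user disabled" never matches an auth-failure filter
        if ignore_suspended and m.group("user") in suspended:
            continue  # attempt on a suspended account: not counted
        counts[m.group("ip")] += 1
    return dict(counts)
```

Calling `count_attempts` with `ignore_suspended=False` shows what the monitor would count with the option set to 0: the older-style "auth failed" entry for the suspended account is then attributed to its source address.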

