• Darkassassin07@lemmy.ca
      link
      fedilink
      English
      arrow-up
      13
      ·
      7 months ago

      There’s a few ways to do it; but if they block based on username it can lockout legitimate users too.

      This is what fail2ban is for. Too many failed auths from an IP and that whole IP is blacklisted for a day or two. This can still catchout vpn users, but it’s still less disruptive.

      • HubertManne@kbin.social
        link
        fedilink
        arrow-up
        8
        ·
        7 months ago

        Many blocked for an hour or even just 10 mins. at the time it was enough to get the attack scripts to change targets.

      • SemiAuto@sh.itjust.works
        link
        fedilink
        English
        arrow-up
        2
        ·
        7 months ago

        I went a bit overboard I think with my fail2ban configuration. If you fail 2 times to login in any admin interfaces (ssh, web, etc), you get banned for around 4880 days… I have too many banned IPs already… :/

    • discozombie@lemmy.world
      link
      fedilink
      English
      arrow-up
      2
      ·
      7 months ago

      Indeed but in this particular case they’re using a large number of IPs, over 3000 on the last list I saw.

      • HubertManne@kbin.social
        link
        fedilink
        arrow-up
        2
        ·
        7 months ago

        yeah and im thinking from an early 2000 perspective to where not being able to login for an hour was not necessarily a big deal. Whereas now so much of our life is online its not really as laid back a proposition.