Open for Voting

Automatically block IP address of forbidden accounts

Being able to automatically block any IP that attempts to sign in with an account that is labeled "forbidden" would be a huge help in blocking malicious connection attempts.

For example, my server sees dozens of attempts each day with malicious users trying to sign in as: admin, root, cisco, azure, minecraft, user, ubnt, dspace, ansible, akash, linuxadmin, postgres, pi, and other default admin logins for various systems that are commonly managed via SSH.

I need a way to automatically block the IP address of anyone trying to use these credentials since they are not used to manage Serv-U and are used by 99.99999% of bad actors. This can be accomplished in several ways, including:

  1. Create rules in Server and Domain "Limits & Settings" that allow the designation of "forbidden" users. This rule will automatically, permanently block the IP address of any connection attempting to sign in as the users listed in this field (usernames entered in a field separated by commas, or added in a list).
  2. This can also be done by adding a new rule option to the user accounts allowing admins to mark an account as "forbidden" so IPs are blocked when someone tries to sign in to an account listed in the "Users" section that is marked "forbidden." This would require admins to actually create the accounts they want to be forbidden, but this may be easier to implement since it could be a "Block IP after _____ bad password attempts" rule where admins can set the bad password count to 1.

Either way this is done, it seems like something that could easily be done with custom server and domain rules, and would help prevent nearly all malicious login attempts.
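The first option above, sketched as log post-processing. This is an added example, not part of the original post and not Serv-U functionality. The log line format, the function name `ips_to_block`, and the `never_block` exemption list (so a mistyped login from a management network does not lock out an administrator) are assumptions.

```python
import ipaddress
import re

# Constructed log format for illustration only; this is not Serv-U's real log layout.
LINE_RE = re.compile(r"^(?P<ts>\S+) LOGIN_ATTEMPT user=(?P<user>\S+) ip=(?P<ip>\S+)$")

# A subset of the usernames listed in the post above.
FORBIDDEN = {"admin", "root", "cisco", "ubnt", "postgres", "pi"}

# Constructed sample lines (addresses come from documentation-only ranges).
SAMPLE = [
    "2024-01-01T00:00:01Z LOGIN_ATTEMPT user=root ip=203.0.113.7",
    "2024-01-01T00:00:02Z LOGIN_ATTEMPT user=alice ip=198.51.100.20",
    "2024-01-01T00:00:03Z LOGIN_ATTEMPT user=Admin ip=192.0.2.10",
    "2024-01-01T00:00:04Z LOGIN_ATTEMPT user=UBNT ip=::ffff:203.0.113.7",
    "2024-01-01T00:00:05Z LOGIN_ATTEMPT user=pi ip=not-an-ip",
    "2024-01-01T00:00:06Z LOGIN_ATTEMPT user=postgres ip=2001:db8::5",
]

def ips_to_block(lines, forbidden=FORBIDDEN, never_block=()):
    """Map each source IP that tried a forbidden username to the names it tried."""
    forbidden = {u.lower() for u in forbidden}
    exempt = [ipaddress.ip_network(n) for n in never_block]
    hits = {}
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not a login-attempt line
        try:
            ip = ipaddress.ip_address(m["ip"])
        except ValueError:
            continue  # malformed address field: never act on it
        # Fold IPv4-mapped IPv6 so one client cannot appear under two addresses.
        if ip.version == 6 and ip.ipv4_mapped:
            ip = ip.ipv4_mapped
        user = m["user"].lower()  # usernames are compared case-insensitively
        if user not in forbidden or any(ip in net for net in exempt):
            continue
        hits.setdefault(str(ip), set()).add(user)
    return {ip: sorted(users) for ip, users in hits.items()}

if __name__ == "__main__":
    for ip, users in ips_to_block(SAMPLE, never_block=["192.0.2.0/24"]).items():
        print(ip, ",".join(users))
```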