Open for Voting

Disable specific users after a number of unsuccessful login attempts

I would like to be able to lock out only certain users after a number of unsuccessful login attempts.  Maybe a setting in the "Limits and Settings" tab for users/groups that acts similarly to the anti-hammering Connection Setting on the Domain level.

We've got the Domain wide anti-hammering enabled, but it's set pretty high so that it really only catches bots that hammer the server.  (e.g. Block all users who connect more than 15 times within 15 seconds for 1440 minutes)

I'd like to set more specific settings for only our Domain Admin accounts and a few other specific users, so that it disables their account after 5 consecutive unsuccessful login attempts, while not imposing the same setting on regular users.

Comment
  • Wow.  I just found out the hard way that the current anti-hammer "Connection Settings" as stated above block the IP address and not the user.

    I just inadvertently blocked my entire company office from our own Serv-U site by purposefully tripping this setting with a test user.

    I would like to suggest that the wording on this be changed from "block users" to "block IP address".  <<see attached screenshot>>

    10-2-2014 11-06-51 AM.jpg

    Obviously this current Connection Setting won't work for us, because we would have about 20 Group Admin users in our office--and we can't have 1 bad user lock out the IP address for our whole company.

    Ideally, we would like:

    --If a chosen user unsuccessfully attempts to log in 5 times in a row (either 5x in a given timeframe, or 5 times without a successful login), the user account gets disabled.

    --We could choose to apply this setting only on certain Users or Groups.

    --This disabling triggers an e-mail alert to my team.

    --An error message to the attempting user saying that "the account has been disabled" or something to that effect, so they don't continue to attempt to log in.
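The difference between the two policies discussed in this thread, as an added example that is not part of the original posts and is not Serv-U code: a simplified model that replays one constructed login stream through a per-IP anti-hammer rule (using the 15 connections in 15 seconds threshold from the post) and through the requested per-account lockout (5 failures without a successful login, applied only to chosen users). The function names, event format, user names and addresses are assumptions made for the illustration.

```python
from collections import defaultdict, deque

# Thresholds taken from the post; everything else here is hypothetical.
HAMMER_LIMIT, HAMMER_WINDOW_S = 15, 15   # block IP after more than 15 connections in 15 s
MAX_CONSECUTIVE_FAILURES = 5             # requested per-account threshold

def ip_anti_hammer(events):
    """Per-IP policy: return the IPs blocked and the users refused as a result."""
    recent, blocked, refused = defaultdict(deque), set(), set()
    for ts, ip, user, ok in events:
        if ip in blocked:
            refused.add(user)            # anyone behind the shared address is cut off
            continue
        q = recent[ip]
        q.append(ts)
        while q and ts - q[0] >= HAMMER_WINDOW_S:
            q.popleft()                  # drop connections outside the window
        if len(q) > HAMMER_LIMIT:
            blocked.add(ip)
    return blocked, refused

def account_lockout(events, protected):
    """Per-account policy, enforced only for users in `protected`."""
    streak, disabled, alerts = defaultdict(int), set(), []
    for ts, ip, user, ok in events:
        if user in disabled:
            continue                     # would be answered with "account disabled"
        if ok:
            streak[user] = 0             # a successful login resets the count
            continue
        streak[user] += 1
        if user in protected and streak[user] >= MAX_CONSECUTIVE_FAILURES:
            disabled.add(user)
            alerts.append(f"{user} disabled after {streak[user]} failed logins from {ip}")
    return disabled, alerts

# Constructed sample: one office behind a single NAT address (documentation ranges).
OFFICE = "203.0.113.10"
EVENTS = [(i * 0.5, OFFICE, "testuser", False) for i in range(16)]   # 16 failures in 8 s
EVENTS += [(10.0, OFFICE, "alice", True), (11.0, OFFICE, "bob", True)]
EVENTS += [(20.0 + i, "198.51.100.7", "domainadmin", False) for i in range(5)]

if __name__ == "__main__":
    print(ip_anti_hammer(EVENTS))
    print(account_lockout(EVENTS, protected={"domainadmin"}))
```

On this sample the per-IP rule refuses every later login from the office address, while the per-account rule disables only the protected account that failed five times and leaves the unprotected test user and the rest of the office untouched.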
