cPanel & WHM Version 94 has been released, and brings a slew of great updates. Take a look at what is included, and then upgrade today!

Automatic block IP for bad passwords should ignore repeats of same password

Eddy Carroll shared this idea 2 years ago
Already Exists

As a System Administrator, I would like to see the mail server keep record of the last invalid password used for each <Remote IP:AccountID> pairing during a login attempt so CSF can choose not to block IPs that repeatedly attempt the same invalid password due to client misconfiguration.


---------------------------------------------


CSF automatically blocks an IP after N successful bad passwords within a period (usually 1 hour).


If a legitimate user accidentally resets their password on the mail client to something wrong, their client can often poll multiple times in quick succession with the wrong password, causing their IP to be blocked. Since the legimitate user is typically sharing the public IP with other users of the same server, they end up blocking mail access for everyone, not just themselves.


If the mail server could record whether or not a client is using the same wrong password each time, and avoid counting repeated wrong attempts, it would almost eliminate these accidental false positive blocks. I appreciate that the password is typically sent in the form of a challenge-response, so it might be necessary to re-use the same challenge last used for an unsuccessful response for particular IPs; I leave possible security risks in this for others to worry about.

Best Answer
photo

cphulk already supports this functionality. If the password is the same as a previous attempt it will not count as a hit.

Comments (1)

photo
2

cphulk already supports this functionality. If the password is the same as a previous attempt it will not count as a hit.

Replies have been locked on this page!