Hello all,
One problem I am having, which I can't find a solution to, is the now common AUTH LOGIN brute force attack. These tend to go on for several hours and, because the bot doesn't care about protocols, continue even if you blacklist their IP (Mercury responds with Temporary Blacklist error). Sometimes the attack is mounted from Tor, so the originating IP changes 2 or 3 times during the attack!
There doesn't seem to be a "Limit number of failed AUTH LOGINs" in MercuryS, and I can't find a reliable way of preventing the attacks.
Does anyone have any thoughts on this?
Does anyone know if there are plans to add tools to Mercury, like limiting the number of failed AUTH LOGINs from the same IP?
Thank you in advance,
John
I've attached some "joined up" session logs showing the problem.