On 07/20/2017 08:47 PM, Robert Schetterer wrote:
Ok I understand, not a bad idea, report how it works for you
That "report how it works for you" was exactly why I posted the fail2ban
failregex back to the list. :-) So others can use it too.
It works fantastic, and I ombined it now with blocking complete
countries at the firewall-level.
Users have their regular three login tries, and get a password dialogue
if they changed their password.
(which many did, in the light of this attack)
And the last botnet attempts remaining, using "password" etc are blocked
instantly.
Works nicely. :-)
Now I want to implement application specific passwords, I will post
about that in a seperate message. As you have been such a great help,
perhaps you can also help a little bit in that thread...?
Thanks again,
MJ
