On 07/20/2017 08:47 PM, Robert Schetterer wrote:
Ok I understand, not a bad idea, report how it works for you
That "report how it works for you" was exactly why I posted the fail2ban failregex back to the list. :-) So others can use it too.
It works fantastic, and I ombined it now with blocking complete countries at the firewall-level.
Users have their regular three login tries, and get a password dialogue if they changed their password.
(which many did, in the light of this attack)
And the last botnet attempts remaining, using "password" etc are blocked instantly.
Works nicely. :-)
Now I want to implement application specific passwords, I will post about that in a seperate message. As you have been such a great help, perhaps you can also help a little bit in that thread...?
Thanks again, MJ