Detect Username Guessing Brute Force Attacks

The below will detect a form of brute force which most will miss. Whereas other scripts detect multiple logins against a single account, they fail to detect 4 failed logins against 40 accounts.

This first checks for all accounts having an account login failure of 4 or more, it then checks for the quantity of accounts that have failed by 4 or more (5 in the below example). So if someone attempts to login with 4 or more different passwords unsuccessfully on 5 or more accounts, the alarm will trip.

 

Share This:

Leave A Comment?