Limit Login Attempts Notifications

So I just got my first limit login attempts email, and an IP address from Italy has been trying to get into my account for the past two days. There have been 7 lockouts in the past two days. (4 attempts per lockout X 7 lockets = 28 attempts)

The usernames they have tried are not my usernames, and the plugin seems to be doing its job just fine. Should I do anything more at this point? Or just turn off notifications so I have don’t know what is happening and trust the plugin.

Great question! This is totally up to you, the notifications are exactly that, it’s telling you that the plugin is doing its job and blocking the failed logins for you. There’s no additional action needed if you get an email notification.

You can remove the notifications if you’d like by following the process above, or let the plugin do it’s thing.

I’ve also have a rash of login attempts recently that the plugin is stopping … and it seems that whoever this is has some of our usernames

I was wondering if it’s possible to block the IP that they are coming from at the server level. Would it be a good idea to block that IP through a setting in WHM?

Great question! Our infrastructure-wide firewall, Bitninja, will catch excessive logins as well as the Limit Logins Plugin. Within WHM you can block the IP under the ConfigServer Security and Firewall section as well if you’d like.