Blocking legitimate mail users

**apb** · 08-03-2018, 12:57 PM

Hi Mauritz,

We are going to resolve this issue in our advanced bruteforce protection module (internal task id DEF-4079). Meanwhile, you can add the IP address into Imunify360 whitelist so no blocking will occur for it going forward.

**mauritz** · 08-03-2018, 01:43 PM

Hi,

When is the Advanced Bruteforce Module scheduled for release? I know you cant say exactly, but are we talking days, weeks or months from now?

**apb** · 08-03-2018, 02:36 PM

Current ETA is Q42018

**mauritz** · 08-04-2018, 06:41 AM

Thank you.

In the meantime, can we disable the rules being triggered and enable cPhulk until Q3 ?

**apb** · 08-05-2018, 08:25 PM

Yes, just re-enable cPHulk and it will make Imunify360 disable ossec IDS.

**apb** · 11-28-2018, 01:17 PM

Do we know if this has been implemented in 3.8.x already?

This issue is killing us.

**apb** · 11-28-2018, 02:31 PM

Mauritz,

No, it is not there in 3.8.x. Please, re-enable cPHulk if your are sure it is Imunify360 IDS (ossec) that causing the issue.

**mauritz** · 02-13-2019, 02:54 PM

Hi,

Q4, 2018 has come and gone.

Is this still going to be implemented at some point?

**apb** · 02-18-2019, 08:31 PM

This might be implemented (no confirmed ETA as of now) as part of mail protocols captcha - users will receive a custom response in their email agents with instructions how to unblock their IP. Another workaround can be to point a browser from an office IP to any http(s) website on the server and pass Imunify360 captcha - the office IP address will be added to Imunify360 whitelist upon that.

**apb** · 04-29-2019, 10:19 PM

when?

this is a serious problem that needs to get fixed.

only way right now is to set ossec custom settings to crazy values like 60 attempts in 10 min.

**apb** · 04-30-2019, 04:55 PM

you guys are over complicating this....

if there is more then X (2 to 5) users behind an IP authenticating correctly then whitelist that IP for 30 min with the counter resting on next good auth.

your software needs to stop blocking office of 200 people when one person has a bad password in there mail client.

this is a CRITICAL problem with your software, and needs attention ASAP.

I strongly suggest some effort is put into fixing this and less time put into features like multi server dashboard.

Thanks

**apb** · 04-30-2019, 05:33 PM

Agree, this is still a nightmare for us as well. Running 30 servers with IM360 but have to disable exim and dovecot rules from ossec so that cPHulk can manage those properly, on a per-user basis instead of blocking the IP.

Sad but true.

**skhristich** · 05-22-2019, 07:03 AM

Hi John,
This is a hard problem, we are working on it - but we have no ETA right now on when it will be solved.
Thanks!

**mauritz** · 08-10-2019, 07:38 AM

Good day,

Just want to check if anything regarding this issue has been addressed in 4.2.x ?

Regards,

Blocking legitimate mail users

Blocking legitimate mail users

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment