Brute force protection doesn't protect against failed logins

Hi there,

I am running NC 14.0.5snap2 (PHP 7.1.26, mysql 5.7.22) and have hundreds of failed logins with the same user name and from the same IP address within the last hours. There is no IP excluded in the brute force protection app and brute force protection is enabled. Should the brute force protection of NC not block this IP address?

Is there any possibility to change the settings of the brute force protection (amount of failed logins allowed within a defined time frame / release time for a blocked IP address)?

As a temporary solution, I deactivated this user, but that’s not a long-term solution.


Check this out with fail2ban it is possible:

1 Like