No worries. I appreciate that you are thinking along with me. I don't feel being shot down.
it would be incredibly risky and counter-productive to ban ALL IPs that tried to access any account. How can we know for certain that one of them wasn't a legitimate hit?
This is true. If I understand correctly this is how it currently works. If I select 'ANY IP' then it will just count X logins from whatever IPs.
I would like to have a more narrow selection: 'DIFFERENT IPs'. This would cause login attempts on the same account from X different IP addresses within Y hours to be flagged.
I would also like to have another selection, but it seems that the hacker is aware that I am using this addon. Probably because the addon clearly advertises the name 'DragonByte Security' in messages to users:
The hacker has set up dummy accounts to test out what happens when a login attempt is detected. This addon then emails users with the name of the security addon which makes the attacker aware of the protection mechanism. A simple google search leads here.
This allows the hacker to test exactly what the settings of this addon are and adjust his attacks to the settings. The brute force are mostly under the set thresholds.
Where can I find the text that is sent out by email? I cant find it in phrases.
Sure, by manually analysing the logs and manually looking up the IPs, you may be able to determine that in 100% of cases you've encountered, all the IPs are false and do not belong to any legitimate forum user.
I find that there are a few things missing that would allow me to do this:
On IP ban log, login strikes viewer, watcher log there is no filter for login strikes or type of login strikes. This makes it very hard to analyse logs.
Here it would be very valuable to display which accounts have been accessed under that IP banned address: /admin.php?dbtech-security/search&action=get-host&ip=xxx
This would immediately show additional potentially compromised or malicious accounts.
The functionality of DragonByte Security seems to be designed to protect against attackers accessing accounts of legitimate members. It does not seem to be designed to protect against malicious accounts registered by the attacker. i.e. the accessed accounts are malicious themselves.
I've renamed the DragonByte Security support forums for you, alternatively you can use the New Ticket button and choose Feature Request and it will put the thread in the correct forum
Thanks. I am hope that you will be able to implement
@NixFifty tickets + XFPM. I think it will be a good enhancement to your support. The old vb site is always giving me login issues (Im logged in but its asking me for my login) and 'invalid redirect' errors.