Banning an IP Address that Uses an Invalid Account

EFT Server can add an IP address to the Site’s IP ban list when a specified number of invalid login attempts occur over a specified period when a non-existing username was supplied. The offending IP address is added to the Site's IP address ban list. (The Site's IP address ban list can be viewed and managed on the Site's Connections tab.)

To automatically ban an IP address after a number of invalid login attempts

In the administration interface, connect to EFT Server and click the Server tab.
In the left pane, click the Site.
In the right pane, click the Security tab.
In the Password Security area, next to Invalid login options, click Configure. The Login Security Options dialog box appears.
Select the Ban IP address check box, then specify the number of invalid login attempts and number of minutes during which to count the invalid logins.
Click OK to save the changes and close the dialog box.
Click Apply to save the changes on EFT Server.

The settings above cause the IP address to be added to the ban list on the 6th attempt (n+1). The values are the maximum failures ALLOWED before the IP address is banned. After the 6th login failure, the IP address would be banned.

In EFT Server 6.2 and DMZ Gateway 3.0, EFT Server communicates the new IP address to the DMZ Gateway, and these attempts are rejected at the edge/DMZ.
In EFT Server 6.1 and DMZ Gateway 2.0, the IP address is added to the ban list, but the list is not communicated to the DMZ Gateway until the next EFT Server/DMZ Gateway reconnect.
If a hacker is using a legitimate username, but is running through a list of passwords, the IP address will be banned, but the legitimate user account is not disabled or locked out. The legitimate user can still login from a valid/non-banned IP address. The IP access/ban list displays newly added IP addresses. (You have to press F5 to refresh to ensure that it displays the current set of IP addresses. The GUI does not refresh automatically.)