If someone tries to brute force passwords their IP will be added to the blacklist.

  • The IP will be un-listed after 12 hours.
  • The default threshold for authentication failure rate is 20 per minute.
  • The default (BlackList.PerMinuteThreshold = 20) can be changed in the intranet.conf.
  • Hosted clients can disable blacklisting in the settings.
  • One NATedĀ IPv4 user can get many users blacklisted due to shared IP. IPv6 or internal monitoring are the only way to prevent that without disabling blacklisting.