Hi all, > Have a look at your failed logins log via the gui, you will see most use > the email address to try and brute force, or use a compromised password.
Exactly this. The username being one of the authentication tokens (instead of the email address) adds a small extra layer of protection to brute force logins. For my own servers I have Fail2ban tweaked so far these days that a single failed login attempt with the email address (instead of the user name) will ban the offending IP. -- With best regards Michael Stauber _______________________________________________ Blueonyx mailing list Blueonyx@mail.blueonyx.it http://mail.blueonyx.it/mailman/listinfo/blueonyx
