Modification Request - For Trace Brute Force Attack

Hi,

Thank you all for writing the “Trace Brute Force Attack” script. I was wondering if it could be modified to alert us if the brute force login is successful?

Script Link: https://scripts.comodo.com/frontend/web/topic/trace-brute-force-attack

Hi @rawtech,

Thanks for your valuable feedback. We will analyse your request and let you know once it's completed.

Thank You.

Secondly, I think it would also be useful to have a script to use as a condition that disables the account being brute forced. Essentially, disable the account after XX amount of unsuccessful logon attempts.

Hi @rawtech,

Thanks for your suggestion. We will modify the script in such a way that after XX number of unsuccessful logon attempts an alert will be generated and the script disables the account. We also suggest that creating an alert after a successful login is not recommendable, since a successful login means a computer has already been exploited. The basic idea of the script is to alert a user about the unsuccessful logon attempts so that he/she takes the necessary actions.

That’s not the right way to look at it. If the attack is successful, then we need to know about it. Obviously disabling the account after 10 failed logons is a good start, but let’s say disabling the account fails (numerous things can go wrong at the worst possible time) and the attack is successful on the 11th attempt. I need to know that, as my next decision would be to get that machine off the network.
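The detection logic requested in the post above, as an added example that is not part of the thread and is not the Comodo script: it raises one alert when an account reaches the failed-logon threshold and a second, separate alert if a logon then succeeds anyway. The threshold of 10, the 10-minute window, the event tuple format and the alert names are assumptions, and the sample events are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

THRESHOLD = 10                   # assumed value for the thread's "XX"
WINDOW = timedelta(minutes=10)   # assumed look-back window for counting failures


def analyse(events, threshold=THRESHOLD, window=WINDOW):
    """events: iterable of (timestamp, account, succeeded), sorted by time.
    Returns a list of (timestamp, account, alert_name) tuples."""
    failures = defaultdict(deque)   # account -> timestamps of recent failures
    alerts = []
    for ts, account, succeeded in events:
        recent = failures[account]
        while recent and ts - recent[0] > window:
            recent.popleft()        # forget failures that fell out of the window
        if not succeeded:
            recent.append(ts)
            if len(recent) == threshold:
                # Threshold reached: this is where the account would be disabled.
                alerts.append((ts, account, "DISABLE_ACCOUNT"))
        else:
            if len(recent) >= threshold:
                # A logon succeeded although the threshold was already hit,
                # e.g. because disabling the account failed.
                alerts.append((ts, account, "SUCCESS_AFTER_BRUTE_FORCE"))
            recent.clear()          # a success resets the failure streak
    return alerts


def sample_events():
    """Constructed sample data: one attacked account, one ordinary user."""
    t0 = datetime(2024, 1, 1, 3, 0, 0)
    ev = [(t0 + timedelta(seconds=5 * i), "svc_backup", False) for i in range(10)]
    ev.append((t0 + timedelta(seconds=50), "svc_backup", True))   # the 11th attempt
    ev += [(t0 + timedelta(seconds=s), "alice", ok)
           for s, ok in [(7, False), (12, False), (20, True)]]    # typo, then success
    return sorted(ev)


if __name__ == "__main__":
    for ts, account, alert in analyse(sample_events()):
        print(ts.isoformat(), account, alert)
```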

Hi @rawtech,

Thanks for your suggestion. We have already started working on your script, and we will update you soon once we have completed it.

Thank You.

@rawtech,

We have responded via support email concerning the modification requests and our Script Developers' output. Please check your mail at your convenience.