Intrusion Prevention

Magento.Login.Brute.Force

Description

This signature indicates a possible Magento Login Brute Force attempt.
A remote attacker might be sending multiple combinations of usernames and passwords to authenticate into a Magento server. The signature is triggered if there are more than 300 failed login attempts within 10 second. The threshold is configurable based on user's environment.

Affected Products

All Magento2 servers

Impact

Impact of a successful attack could vary, with the worse case being a system compromise.

Recommended Actions

Adjust the threshold to your network.
Monitor the traffic from that network for any suspicious activity.