Magento.Login.Brute.Force
Description
This signature indicates a possible Magento Login Brute Force attempt.
A remote attacker might be sending multiple combinations of usernames and passwords to authenticate into a Magento server. The signature is triggered if there are more than 300 failed login attempts within 10 second. The threshold is configurable based on user's environment.
Affected Products
All Magento2 servers
Impact
Impact of a successful attack could vary, with the worse case being a system compromise.
Recommended Actions
Adjust the threshold to your network.
Monitor the traffic from that network for any suspicious activity.
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |