Magento.Login.Brute.Force

Description

This signature indicates a possible Magento Login Brute Force attempt.
A remote attacker might be sending multiple combinations of usernames and passwords to authenticate into a Magento server. The signature is triggered if there are more than 300 failed login attempts within 10 seconds. The threshold is configurable based on the user's environment.

Affected Products

All Magento2 servers

Impact

The impact of a successful attack could vary, with the worst case being a system compromise.

Recommended Actions

Adjust the threshold to your network.
Monitor the traffic from that network for any suspicious activity.
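
The following is an added example, not part of the original page and not the vendor's signature logic: a sliding-window count of failed logins that can be run over your own authentication events to see how the 300-in-10-seconds threshold compares with normal traffic before adjusting it. Grouping by source IP, the event tuple format and the sample events are assumptions made for illustration.

```python
from collections import defaultdict, deque

def peak_failed_logins(events, window=10.0):
    """Return {source: highest number of failed logins seen in any window}.

    events: iterable of (timestamp_seconds, source_ip, login_ok), sorted by time.
    The per-source grouping is an assumption; the page does not state it.
    """
    recent = defaultdict(deque)   # source -> timestamps of failures still in the window
    peak = {}
    for ts, src, login_ok in events:
        if login_ok:
            continue              # only failed attempts count toward the threshold
        q = recent[src]
        q.append(ts)
        while ts - q[0] >= window:
            q.popleft()           # drop failures that fell out of the window
        peak[src] = max(peak.get(src, 0), len(q))
    return peak

def sources_over_threshold(events, threshold=300, window=10.0):
    """Sources with MORE than `threshold` failures inside one window."""
    peaks = peak_failed_logins(events, window)
    return sorted(src for src, n in peaks.items() if n > threshold)

def constructed_events():
    """Constructed sample data (documentation IP ranges), not real traffic."""
    ev = []
    ev += [(i * 0.02, "198.51.100.7", False) for i in range(301)]  # 301 failures in ~6 s
    ev += [(i * 0.03, "203.0.113.9", False) for i in range(300)]   # exactly 300 in ~9 s
    ev += [(float(i), "192.0.2.44", False) for i in range(400)]    # slow: 1 failure per second
    ev += [(5.0, "192.0.2.10", False), (7.0, "192.0.2.10", True)]  # user mistypes once
    return sorted(ev)

if __name__ == "__main__":
    events = constructed_events()
    for src, n in sorted(peak_failed_logins(events).items()):
        print(f"{src:15} peak failures per 10 s: {n}")
    print("over default threshold:", sources_over_threshold(events))
```

The per-source peaks show that a slow attempt spread over minutes stays far below the default threshold, which is the trade-off to weigh when tuning it for a given network.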

Telemetry

Coverage

IPS (Regular DB)
IPS (Extended DB)

Version Updates

Date        Version  Detail
2020-07-15  15.887   Sig Added
2020-06-30  15.876   Default_action:pass:drop
2020-06-18  15.867