Replies: 3
I would like to see a logical, in my opinion, function of mass sending of IP of attackers to the blacklist from the event log.
For example, now I have a type that tries to log in with an existing username from different IPs several dozen times a day.
And poking the button to send to the blacklist with an additional window and a large pop-up message about the result every time is akin to masochism.
I would like to do the following:
- In the event log, select the type of event (in my case it was an unsuccessful login).
- Select all the positions in the table at once and select the mass action – send everything to the blacklist, and not poke each entry separately, since the number of proxies used by the attacker cannot be counted.
As a result, the plugin takes each IP from those marked in the table, compares its presence with the existing data from the blacklist and, if it is absent, adds a new entry to the blacklist. If this IP is already on the blacklist, the plugin moves on to the next position.
So, is the job done, and there are no duplicate entries in the blacklist.
By the way, does the case of the login letters matter for the plugin?
For example, BlackSort, Blacksort and blacksort are different logins for the plugin or the same?