Hi there - We have been fighting off a major Brute Force Attack for the last week and I'm looking for any advice that fellow network admins might have for us. We have been holding strong, but our server speed has suffered as well as the fact that at times, our users are getting error messages when trying to log in due to the sheer volume of the attacks.
A few key facts:
We do not have a user named admin or root, which is what 99% of the attacks are trying to login as.
We are using WordFence and it is doing a great job of automatically blocking IP's that attempt to log in with fake credentials.
Our passwords (at least super admin) are very strong
We are currently blocking all known IP addresses from outside the USA to at least cut down on the access, but many of the attackers are from inside the USA or have unknown IP addresses.
Does anyone have any suggestions as far as how to slow this down? It's been a week so far and we've had over 33 million log in attempts in that time frame.
We looked at the securi Cloud Proxi, but with over 1500 sites on our network, it was cost prohibitive ($1500 a month minimum)
Does anyone have any ideas to help us combat this further? I'd be willing to "wait it out" if I knew it would ever end, but at this point, it doesn't seem to be slowing down...
Thank you to everyone in advance with any feedback, it's SO greatly appreciated..