Brute Force Protection
Wed Admin UI Brute Force Protection
If a user attempts to login with invalid credentials from the same ip address after 10 failed attempts, they will be locked for an hour.
The front end will give you the time that you have left, so if you try to login after you have been locked out, you will see this message:
It also should not matter if you are using a bad username or password, all that matters is that you are trying from the same ip address.
SFTP System Brute Force Protection
The SFTP system will ban an IP address for 5 hours if it has made more than 10 failed authentication attempts within 5 minutes of each other.
You can manually clear the IP lockout by restarting the Java service:
sudo su service sftpgw-admin-api restart
Or, you can disable the IP banning feature (in v3.3.0 and later).