IP Locked Out - via webmail failures

[McCarthySites]

I understand the policy, and support it, I just thought it would be better to 'get it out there' and publicize it a bit more.

I happen to have five different accounts (ie domains) on a single system. I have several email accounts on those systems that are not the 'admin' account.

Last night, access to all of those websites was blocked because of 10 failed login attempts to webmail of one of those users on a single node.

Because webmail is accessed via cpanel, h9's security measures saw 10 failed logins to cpanel and locked the IP from accessing any domain on that specific system.

Again, I support it, but I've got five somewhat community related websites on that system, and if, for example, those failures came from a common proxy (lets say an open wifi network at a hotel) - all other attempts from that IP to the other domains will kick back and no one will know why...

It was easy in this case, I knew what domain was causing the 'security issue'.

I will see if a more direct access to the horde area would avoid this, but I don't think so.

I'm also curious if a 'cancel' of the cpanel password request would be counted as a failed attempt.