~12hr period - number of attempts on the left.  manually blocking them as they come in ...

even adding CAPTCH (**like what's found on this board when posting replies**) would help ...

getting picked on this morning over 150 times from 3 ip addresses.  it would be great to disable their attempts after a specified number of attempts instead of manually blocking them

my server is still getting hit with unknown users from strange ip addresses:

User Name:badusername

Result:UserNameInvalid

Address:unknownIP

User Agent:Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:83.0) Gecko/20100101 Firefox/83.0

and the badusername is using different ip addresses.

shouldn't this be of a higher priority after what just happened?  if this were in place 7 years ago would we have had this issue??