Server Guard collects the logon events of the host on a regular basis and uploads the data to cloud for further comparison and analysis. In detection of a successful logon event from any unusual locations, a warning is triggered.
Frequent logon locations
If you have recently purchased the server, no frequent logon location is created for it. Also, no warnings are triggered during this period.
You have to successfully log on at least six times to have your location recorded as a frequent logon location. Moreover, if you log on from any different location during this period, a warning is triggered.
To avoid mis-alarms for your mobile office demands, you can add a frequent logon location in the Logon Security Settings, on the Brute-force/Unusual Sign-in page.
On the Alert Setup page, you can select the notification method for abnormal logon behaviors from SMS, emails, and internal email. By default, all these methods are enabled.
Server Guard collects logon events of the host on a regular basis and upload the data to cloud for further comparison and analysis. In detection of any brute-force attack attempts, the attack information gets synchronized to Alibaba Cloud punishment center to block behaviors from the specific source IP address.
In addition, if your logon password gets cracked and used by the attacker to perform logon, an event warning is triggered.
However, multiple inputs of wrong passwords for the unified exit of office network IP addresses may trigger mis-alarms. In such situation, you can add your trusted source IP addresses to the whitelist on the Security Configuration page.