TSplus Web lockout, introduced with Version 12.40, is a user interface for the Web Portal Lockout feature, to unblock accounts and edit advanced settings:
Lockout monitors failed Web Login attempts on your TSplus server. It logs attempts and automatically blocks the corresponding user after the authorized number of failed attempts has been reached.
You will easily see if an Address has been locked under the "Locked" column.
The next column indicates the numbers of consecutive failures for each user.
On the Web Portal, a message indicates the user that too many failed attempts were made:
Users can be quickly removed from this list, unblocked and whitelisted from the easy-to-use management console in the Web Tab of the AdminTool. Just click on the user you want to reset or unblock and then click on "Reset".
The threshold for users blocking can be configured by the administrator, on the Advanced Settings Tab of the AdminTool:
Check the Documentation to configure Lockout Settings.
If a failed login attempt has been detected on the Web Portal, TSplus Advanced Security will indicate the "Lockout Event", corresponding to a username on the Security Event Viewer:
"A failed login attempt was detected from Web Portal for user ... 1 Failed login attempt were detected for this user since..."
TSplus Advanced Security Bruteforce Defender covers the Client I.P. addresses aspect. Hence, it also works for RDP connections.
Failed Brute-Force connections attempts, are also visible on TSplus Advanced Security Event Log (private IP addresses are excluded to avoid blocking proxy):
"A failed connection attempt was detected from IP address ... . This IP address is not whitelisted and will be blocked following several failed attempts to connect. Provided username: Harry."
For More information about Lockout and BruteForce Defender, check this documentation and the Brute-Force Attacks Defender documentation