I don’t try to ban all the offending users but I do scan the logs for anyone who seems particularly persistent. Also, over time I’ve tightened up the lockout routine. Archerdata is right, though, the best solution is the option for a self-generated list as we already have for IP addresses.
I turned on this option recently. Looking at my logs, I see that it works fine to ban users who use the login name “administrator” but not the name “admin.” iTSec should change this — there are many more attempts using “admin” than any other login name.
