diff --git a/apps/authentication/api/mfa.py b/apps/authentication/api/mfa.py
index 183fb113c..950152def 100644
--- a/apps/authentication/api/mfa.py
+++ b/apps/authentication/api/mfa.py
@@ -47,12 +47,21 @@ class MFASendCodeApi(AuthMixin, CreateAPIView):
 self.incr_mfa_failed_time(username, self.ip)
 raise e
+ def get_user_from_db(self, username):
+ """避免暴力测试用户名"""
+ ip = self.get_request_ip()
+ self.check_mfa_is_block(username, ip)
+ try:
+ user = get_object_or_404(User, username=username)
+ return user
+ except Exception as e:
+ self.incr_mfa_failed_time(username, ip)
+ raise e
+
 def perform_create(self, serializer):
 username = serializer.validated_data.get('username', '')
 mfa_type = serializer.validated_data['type']
- self.ip = self.get_request_ip()
- self.check_mfa_is_block(username, self.ip)
 if not username:
 user = self.get_user_from_session()
 else:
diff --git a/apps/locale/zh/LC_MESSAGES/django.mo b/apps/locale/zh/LC_MESSAGES/django.mo
index 80e3fbe45..80e2f9b84 100644
--- a/apps/locale/zh/LC_MESSAGES/django.mo
+++ b/apps/locale/zh/LC_MESSAGES/django.mo
@@ -1,3 +1,4 @@
 version https://git-lfs.github.com/spec/v1
-oid sha256:041711683ed0cfbf9ffd58f402f0acb98f77a1edde5f4582314a2568d539212c
-size 96641
+oid sha256:65ae747dcbddab2bbf9238b0ee589037805c9cf04a6c3a2e312d4c6c5e486b2d
+size 96320
+
diff --git a/apps/locale/zh/LC_MESSAGES/django.po b/apps/locale/zh/LC_MESSAGES/django.po
index 7d568ab2b..fcb4b543c 100644
--- a/apps/locale/zh/LC_MESSAGES/django.po
+++ b/apps/locale/zh/LC_MESSAGES/django.po
@@ -7,7 +7,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: JumpServer 0.3.3\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2022-01-15 22:47+0800\n"
+"POT-Creation-Date: 2022-01-13 16:57+0800\n"
 "PO-Revision-Date: 2021-05-20 10:54+0800\n"
 "Last-Translator: ibuler \n"
 "Language-Team: JumpServer team\n"
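Review bot: In apps/authentication/api/mfa.py the commit drops `self.ip = self.get_request_ip()` from `perform_create`, but the context line at the top of the hunk still calls `self.incr_mfa_failed_time(username, self.ip)`; unless `self.ip` is assigned somewhere outside this hunk, that handler will raise AttributeError instead of recording the failure. Moving `check_mfa_is_block` into `get_user_from_db` also means the `if not username:` session branch is no longer checked against the block list, assuming the new helper is only called from the `else:` branch, which lies outside the hunk. In the helper, `except Exception as e:` counts any error (including a database fault) as a failed attempt toward lockout; narrowing it to `except Http404:` with a bare `raise` keeps the counter tied to unknown usernames. `perform_create` continues past the end of the hunk.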
@@ -1657,11 +1657,11 @@ msgstr "{ApplicationPermission} 移除 {SystemUser}"
 msgid "Invalid token"
 msgstr "无效的令牌"
-#: authentication/api/mfa.py:63
+#: authentication/api/mfa.py:50
 msgid "Current user not support mfa type: {}"
 msgstr "当前用户不支持 MFA 类型: {}"
-#: authentication/api/mfa.py:110
+#: authentication/api/mfa.py:97
 msgid "Code is invalid, {}"
 msgstr "验证码无效: {}"