[pmwiki-users] making brute force attacks more difficult #2

Christophe David pmwiki at christophedavid.org
Mon Aug 20 15:16:22 CDT 2007


> I propose two things:
> - bind the session to the remote ip address and the user agent
> - restrict a login from a remote ip address if there are more than 5 bad
> logins within the last 2 hours
> What do you think ?
> Code:

It looks very interesting.  Thanks a lot for sharing this.

May I suggest that you make a recipe with this code and publish it in
the cookbook?  I am pretty sure there would be a lot of interest for
it, and we would get more comments/suggestions and reports.

Anyway, I will try this very soon on my own as my logs keep showing
automated login attempts and I definitely want to stop them.

Just an idea: when an attack is suspected, we could also sleep() for
30 seconds before returning anything, that should calm things too...

Thanks again for your help.

Christophe
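
The two measures proposed in the quoted message (binding the session to the remote IP address and user agent, and refusing logins from an address with more than 5 bad logins within 2 hours), shown in plain PHP as an added example; this is not the code from the original post and not a PmWiki recipe. The function names, the in-memory $failures array and the sample addresses are assumptions; a real site would keep the failure timestamps in persistent storage.

```php
<?php
// Added example; names and storage are assumptions, not PmWiki APIs.
const MAX_BAD_LOGINS = 5;          // block on "more than 5 bad logins"
const WINDOW_SECONDS = 2 * 3600;   // "within the last 2 hours"

// Fingerprint of the client the session was issued to.
function session_fingerprint(string $ip, string $userAgent): string {
    return hash('sha256', $ip . "\n" . $userAgent);
}

// True when the request comes from the same IP address and user agent
// that the session was bound to at login.
function session_is_bound(array $session, string $ip, string $userAgent): bool {
    return isset($session['fp'])
        && hash_equals($session['fp'], session_fingerprint($ip, $userAgent));
}

// Drop failures that have left the window, then record the new one.
function record_bad_login(array &$failures, string $ip, int $now): void {
    $recent = array_filter($failures[$ip] ?? [], fn($t) => $t > $now - WINDOW_SECONDS);
    $recent[] = $now;
    $failures[$ip] = array_values($recent);
}

// Blocked when more than MAX_BAD_LOGINS failures fall inside the window.
function login_is_blocked(array $failures, string $ip, int $now): bool {
    $recent = array_filter($failures[$ip] ?? [], fn($t) => $t > $now - WINDOW_SECONDS);
    return count($recent) > MAX_BAD_LOGINS;
}

// Constructed sample data: documentation addresses and a fixed start time.
$failures = [];
$t0 = 1187640000;
for ($i = 0; $i < 6; $i++) {                  // six bad logins, one per minute
    record_bad_login($failures, '192.0.2.10', $t0 + $i * 60);
}
var_dump(login_is_blocked($failures, '192.0.2.10', $t0 + 600));                   // inside the window
var_dump(login_is_blocked($failures, '192.0.2.10', $t0 + 600 + WINDOW_SECONDS));  // window has passed
var_dump(login_is_blocked($failures, '198.51.100.7', $t0 + 600));                 // a different address

$session = ['fp' => session_fingerprint('192.0.2.10', 'ExampleBrowser/1.0')];
var_dump(session_is_bound($session, '192.0.2.10', 'ExampleBrowser/1.0'));   // same client
var_dump(session_is_bound($session, '203.0.113.5', 'ExampleBrowser/1.0'));  // session id reused from another address
```

The sleep() delay suggested in the reply is left out of this example because it holds a PHP worker for the whole delay.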


