[pmwiki-users] making brute force attacks more difficult #2

Peter Kay petya_98 at yahoo.com
Mon Aug 20 17:43:48 CDT 2007


Thomas Bley wrote:
> Hello,
> 
> I propose two things:
> - bind the session to the remote IP address and the user agent
> - restrict a login from a remote IP address if there are more than 5 bad
> logins within the last 2 hours
> 
> What do you think?

An alternative approach is to double a "sleep" for each time a login 
fails.  I'm not sure how good an idea having a webserver sleep is, though.

As someone who routinely forgets his passwords, I have to say that I'd 
like a little more forgiving a way to do this :)

--Peter
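
The two throttling ideas in this thread, combined in an added example that is not part of either post and is not PmWiki code: a doubling delay per failed login and a lockout after more than 5 failures in 2 hours, both computed as a "retry after" time instead of calling sleep(), so no web server worker is held. The class name, method names, the 64-second cap and the in-memory store are assumptions made for the illustration.

```php
<?php
// Added example with hypothetical names; not PmWiki code.
final class LoginThrottle
{
    const WINDOW = 7200;     // 2 hours, as in the proposal
    const MAX_FAILURES = 5;  // more than this inside WINDOW locks the address
    const MAX_DELAY = 64;    // assumed cap (seconds) on the doubling delay
    private $failures = [];  // ip => failure timestamps (in memory for the demo)

    // Failures for $ip still inside the window, oldest first.
    private function recent(string $ip, int $now): array
    {
        $kept = array_values(array_filter(
            $this->failures[$ip] ?? [],
            function ($t) use ($now) { return $t > $now - self::WINDOW; }
        ));
        return $this->failures[$ip] = $kept;
    }

    public function recordFailure(string $ip, int $now): void
    {
        $this->recent($ip, $now);        // prune expired entries first
        $this->failures[$ip][] = $now;
    }

    public function recordSuccess(string $ip): void
    {
        unset($this->failures[$ip]);     // a good login clears the history
    }

    // Seconds until the next attempt will be checked at all; 0 means go ahead.
    public function retryAfter(string $ip, int $now): int
    {
        $recent = $this->recent($ip, $now);
        $n = count($recent);
        if ($n === 0) return 0;
        if ($n > self::MAX_FAILURES) {   // locked until the oldest failure ages out
            return $recent[0] + self::WINDOW - $now;
        }
        $delay = min(self::MAX_DELAY, 1 << ($n - 1));   // 1, 2, 4, 8, 16 seconds
        return max(0, $recent[$n - 1] + $delay - $now);
    }
}

// Constructed sequence: one bad login every 20 seconds from a documentation address.
$throttle = new LoginThrottle();
for ($i = 1, $now = 1000; $i <= 6; $i++, $now += 20) {
    $throttle->recordFailure('203.0.113.7', $now);
    printf("failure %d: retry after %d s\n", $i, $throttle->retryAfter('203.0.113.7', $now));
}
```

A login handler would call retryAfter() before checking the password and, when it returns a non-zero value, answer with HTTP 429 and a Retry-After header; a real deployment would keep the failure timestamps in a file or database rather than in memory.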



