[pmwiki-users] making brute force attacks more difficult #2
Peter Kay
petya_98 at yahoo.com
Mon Aug 20 17:43:48 CDT 2007
Thomas Bley wrote:
> Hello,
>
> I propose two things:
> - bind the session to the remote ip address and the user agent
> - restrict a login from a remote ip address if there are more than 5 bad
> logins within the last 2 hours
>
> What do you think ?
An alternative approach is to double a "sleep" for each time a login
fails. I'm not sure how good an idea having a webserver sleep is, tho.
As someone who routinely forgets his passwords, I have to say that I'd
like a little more forgiving a way to do this :)
--Peter
More information about the pmwiki-users
mailing list