[Phplogcon-dev] brute force password cracking prevention

Michael Meckelein mmeckelein at hq.adiscon.com
Wed Dec 7 17:18:12 CET 2005


Brian wrote:
> Side note:
>  Maybe a good thing to slow it down in the case of brute force password
> cracking. (Users Table). (scripts can do this, not for us to worry about,
> yet).

Rainer wrote:
> hehe... another low priority todo list item - tarpitting attacks (after
> all, such a brute force may cause the system to exhaust its
> resources...)

As a simple approach we can log failed login attempts. E.g. if there are
more than three failed login attempts in a minute, we can disable the
login for this user for some minutes.

Michael
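
The lockout rule proposed in the message above, sketched in PHP as an added example (not part of the original message and not phpLogCon code). The class and method names, the in-memory storage and the 5-minute lock duration are assumptions; the caller is expected to check isLocked() before verifying a password.

```php
<?php
// Added illustration; class, method and constant names are hypothetical.
// State is kept in arrays here; a real application would persist it.
final class LoginThrottle
{
    private const MAX_FAILURES = 3;    // "more than three" failures trips the lock
    private const WINDOW_SECS  = 60;   // "in a minute"
    private const LOCK_SECS    = 300;  // "some minutes": 5 is an assumed value

    private array $failures = [];      // user => list of failure timestamps
    private array $lockedUntil = [];   // user => lock expiry timestamp

    public function isLocked(string $user, int $now): bool
    {
        return ($this->lockedUntil[$user] ?? 0) > $now;
    }

    // Record a failed login and report whether the account is now locked.
    public function recordFailure(string $user, int $now): bool
    {
        // Keep only failures inside the sliding window, then add this one.
        $recent = array_filter(
            $this->failures[$user] ?? [],
            fn (int $t): bool => $t > $now - self::WINDOW_SECS
        );
        $recent[] = $now;
        $this->failures[$user] = array_values($recent);

        if (count($recent) > self::MAX_FAILURES) {
            $this->lockedUntil[$user] = $now + self::LOCK_SECS;
            $this->failures[$user] = [];
        }
        return $this->isLocked($user, $now);
    }

    // A successful login clears the counters for that user.
    public function recordSuccess(string $user): void
    {
        unset($this->failures[$user], $this->lockedUntil[$user]);
    }
}

// Constructed timeline: four failures within 30 seconds for user "admin".
$t = new LoginThrottle();
$start = 1133972292; // constructed epoch value
foreach ([0, 10, 20, 30] as $offset) {
    $locked = $t->recordFailure('admin', $start + $offset);
    printf("t+%02ds failure -> locked=%s\n", $offset, $locked ? 'yes' : 'no');
}
var_dump($t->isLocked('admin', $start + 30 + 299)); // 299 s after the lock was set
var_dump($t->isLocked('admin', $start + 30 + 300)); // 300 s after the lock was set
```

Locking per username lets anyone who knows a login name keep that account locked, so the counter is often also keyed on source address, or responses are delayed rather than refused.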


