|
One solution I used previously, was a modified mod_auth_mysql in apache.
With a few changes to the module, it would disallow access for 5 mins on an invalid password.
Basically, if someone tried to login with username=foo, with an incorrect password, ANY attempt to login with username=foo for 5 mins would be denied, even if it was right.
Worked very well for stopping brute force password cracking.
Downsides to this method include no real bandwidth saving other than keeping them out of the members area, and if someone knows how it works, they could brute force with tons of usernames and possibly lockout paying members.
I prefer other authentication methods to http auth generally, slightly more work to setup, but harder to find something to brute force them on your average script kiddie site.
__________________
<A HREF="http://www.jesussmut.com/">
<IMG SRC="http://www.jesussmut.com/images/jesusbutton1.gif" BORDER=0>
</A><br>
Have a look at <A HREF="http://www.jesussmut.com/">JesusSmut</A>
|