Quote:
|
Originally Posted by Miura
How can I limit the number of failed login attempts (passwd authentification thru htaccess) to once every 30 seconds for example to prevent proxy brute force attacks and reduce my server's load? Is there any way to configure mod_auth and add a line in the .htaccess file to do that?
I use pennywize but its not enough. I am getting a massive attack and absolutely need to stop it. Each attack (failed request) is leaving a process unfinished, so the server kills the "child" process left open by the "parent" after a relatively long period of time making the server load very high. Even if I reduce it, getting so many failed requests per second is just too much and I might prevent access to legit members.
Thanks in advance for any help you kind people may give me.  |
There's not much you can do when they are using proxies, at least based on time between login attempts.
I'd suggest you contact Ray Morris and ask him. I'm almost positive his Strongbox software will handle this. If he's online he'll probably get it installed right away. I can't speak for him, of course, but he seems to be like that
Ray's ICQ is 7-208-627