Quote:
Originally posted by Paolo
Here is the big problem with protecting your site.
Most programs give a 403 to the IP that is brute forcing your password file.
They love to use IPs that AOL has, because AOL's system is a pile of shit and is easy to abuse.
So 403s are fine in most cases, except that AOL stores these 403s on their servers and prevents AOL users sharing the same IP from visiting your site.
So now come the complaints from an AOL subscriber that he cannot get in your membership area because his IP is blocked and he did nothing wrong "Except for using AOL in the first place" : )
What we did is give the brute forcer a 202 ok and redirect to a fake URL.
That really seemed to help out.
I hate those brute force programs; they are a pain in the ass for everyone and any idiot can use them.
Hope that helps a little.
Great info, we will change this!! Thanks, Paolo!
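
An added example, not code from either poster, of the approach described in the quoted post: count failed logins per IP in a sliding window and, once an IP is flagged, answer with an uncacheable redirect to a decoy page instead of a 403. The class name, thresholds, decoy path and the choice of a 302 for the redirect are all assumptions made for this sketch.

```python
import time
from collections import defaultdict, deque

DECOY_URL = "/members/welcome.html"  # hypothetical decoy page (assumption)

class BruteForceGuard:
    """Per-IP sliding window of failed logins; thresholds are assumed values."""

    def __init__(self, window=60, max_failures=10):
        self.window = window
        self.max_failures = max_failures
        self.failures = defaultdict(deque)  # ip -> timestamps of failed logins

    def _recent(self, ip, now):
        q = self.failures[ip]
        while q and now - q[0] > self.window:  # drop entries older than the window
            q.popleft()
        return q

    def respond(self, ip, credentials_ok, now=None):
        """Return (status, headers) for one login attempt; never a 403."""
        now = time.time() if now is None else now
        q = self._recent(ip, now)
        if len(q) >= self.max_failures:
            # Flagged IP: same decoy redirect whether or not the guess was right,
            # marked uncacheable so a shared proxy is told not to store it.
            # Other users behind that IP see the decoy only until the window ages out.
            if not credentials_ok:
                q.append(now)
            return "302 Found", [("Location", DECOY_URL), ("Cache-Control", "no-store")]
        if credentials_ok:
            return "200 OK", [("Cache-Control", "private, no-store")]
        q.append(now)
        return "401 Unauthorized", [("WWW-Authenticate", 'Basic realm="members"'),
                                    ("Cache-Control", "no-store")]

if __name__ == "__main__":
    guard = BruteForceGuard(window=60, max_failures=3)
    for t in range(5):  # constructed attempts from a documentation-range IP
        print(t, guard.respond("198.51.100.7", False, now=t)[0])
```

Because the flag is derived from the sliding window rather than a stored block list, it clears on its own once the failed attempts stop.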