Quote:
Originally posted by Easy
hmm.. maybe here someone has a good idea how to stop bruteforce attacks.
They are using a huge anon proxylist and testing each day 50k combinations within two hours. Blocking the IPs won't work...
|
How about this:
When you've detected that an attack is underway, always fail the first login from an IP, even if the password is correct.. a surfer will (hopefully) assume that they mistyped their password, and try again, while a brute forcer will just continue on.
Anyone?