Note that that won't give you a 10%. For all you know you could get RandomValue equaling 10 every single time. Unlikely, but possible. Doesn't really matter tho.
Actually it does work perfectly; I have tested it. Once seeded and started, a proper working random generator like this will indeed produce a 10 almost precisely 10% of the time.
That doesn't mean that SOMETIMES you won't get 2 10's in a row, but after a million runs you will have 100,000 10's, evenly distributed across the bell curve.
Originally posted by Dragon Curve ProxyPass - doesn't sound like a very good idea to me. Obviously this will be checking for open 80/8080/1080 or what not ports on the incoming host. This poses many problems. For starters, clearly you need a timeout to verify the ports are open/closed. This will drastically slow down your response time for servers which I wouldn't consider a good thing AT ALL especially in this industry.
Secondly, if it were just open ports, then that's a very poor method of checking if the server is an open proxy (I doubt it would be done like this). Some sort of verification (especially for port 80) would have to be done - again, taking x amount of time to do.
"(4) Detection and denial of requests from multiple (non-proxy) IP addresses sending high numbers of unsuccessful authentication requests for the same username. This implies a distributed network attack."
I would very much like to know how you could ever possibly hope to protect against something like that and not give users downtime.
"In addition, the authentication portions of Apache were written in relatively poor manner. "
I'd like to see info that could back that up =P
There is no real protection against brute force attacks like this that I can see that will guarantee your users uptime.
For bruteforce protection/deterrance we use MemLogin
(available from PaysitePowertools.com )
and use Iprotect (an apache module) for password abuse - though iprotect doesn't help much against proxy based attacks.
Memlogin basically hides the real members URL from everyone except you & your members. If you set things up properly you won't ever be bothered by bruteforce traffic spikes again =]
Comment