Looking at the logfiles I suspect someone is trying a brute force attack to get the admin password of one of my PmWiki fields, sending many requests at a time and loading the server quite a lot.

If I understand correctly, as $DefaultPasswords['admin'] is normally always defined, there is no need for an attacker to bother with the AuthUser or LDAP aspects. So trying SiteAdmin.Whatever?action=edit repeatedly with the HTTP POST method and setting the authpw variable to the guessed value should work if enough time is spent.

I was wondering if it would not be a good idea to save the remote IP address and a timestamp for every failed authentication (ideally whatever the method used - AuthUser, LDAP, etc.), and to deny access without any other control if the same address tried less than n seconds earlier. This would make brute force attacks too long to be practical.

Is there already something available, or did someone already think about how to implement such a feature efficiently, if possible in a way that is independent of the authentication method?

Thank you in anticipation.

Christophe

_______________________________________________
pmwiki-users mailing list
pmwiki-users@pmichaud.com
http://www.pmichaud.com/mailman/listinfo/pmwiki-users
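As an added illustration of the throttle Christophe proposes (this is example code, not part of the original post and not PmWiki's own code, written in Python rather than PmWiki's PHP): one timestamp per remote address is stored on each failed authentication, and any further attempt from that address inside the window is refused before the password is even compared, whatever authentication method is in use. The window length, the class name and the in-memory store are assumptions for the example.

```python
import time

# Minimum gap in seconds between attempts from one address after a
# failure. The value is an assumption for this example.
MIN_GAP_SECONDS = 5


class FailedLoginThrottle:
    """Per-address throttle for failed authentication attempts.

    Keeps the time of the last failed attempt for each remote address and
    refuses any attempt arriving less than min_gap seconds after it,
    independently of how the password itself would be checked.
    """

    def __init__(self, min_gap=MIN_GAP_SECONDS, clock=time.time):
        self.min_gap = min_gap
        self.clock = clock        # injectable so tests run deterministically
        # In a per-request environment such as PmWiki this dict would have
        # to live in a file or database; a dict is used here for clarity.
        self.last_failure = {}    # remote address -> unix timestamp

    def attempt(self, remote_addr, password_ok):
        """Return (allowed, reason).

        password_ok is the verdict the real method (DefaultPasswords,
        AuthUser, LDAP, ...) would give; it is ignored while throttled,
        so even a correct password is refused inside the window.
        """
        now = self.clock()
        last = self.last_failure.get(remote_addr)
        if last is not None and now - last < self.min_gap:
            # Too soon after a failure: refuse without checking credentials
            # and refresh the timestamp, so hammering only extends the wait.
            self.last_failure[remote_addr] = now
            return False, "throttled"
        if password_ok:
            self.last_failure.pop(remote_addr, None)
            return True, "ok"
        self.last_failure[remote_addr] = now
        return False, "bad password"
```

Because a correct password is also refused inside the window, a shared address (a proxy or NAT) can be kept out of admin login by someone else's failures, so the gap should stay short.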