> I propose two things: > - bind the session to the remote ip address and the user agent > - restrict a login from a remote ip address if there are more than 5 bad > logins within the last 2 hours > What do you think ? > Code:
It looks very interesting. Thanks a lot for sharing this. May I suggest you to make a recipe with this code and publish it in the cookbook ? I am pretty sure there would be a lot of interest for it, and we would get more comments/suggestions and reports. Anyway, I will try this very soon on my own as my logs keep showing automated login attempts and I definitely want to stop them. Just an idea: when an attack is suspected, we could also sleep() for 30 seconds before returning anything, that should calm things too... Thanks again for your help. Christophe _______________________________________________ pmwiki-users mailing list pmwiki-users@pmichaud.com http://www.pmichaud.com/mailman/listinfo/pmwiki-users