I'm not saying either of these is a good idea - just wondering.

Like everybody I see a lot of hack attempts. One possibility I'm considering is when a given local account name is tried - but with wrong passwords - that account is flagged and all further invalid logins are added to a blacklist. This is different from existing MaxAUTHErrors - because the existing controls are for a single IP. I'm suggesting having settings MaxAUTHErrorsAllIPs (number of bad logins for a given user across ALL IPs), AUTHUserErrorTime (length of time account should be placed in auto-blacklist mode).

The other item is to have a delay on invalid authentication - so invalid attempts tie up spammer resources and slow their attempts.

--
Daniel
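
A sketch of the first proposal above, added here as an illustration: it is not ASSP code, and it is written in Python rather than ASSP's Perl. `MaxAUTHErrorsAllIPs` and `AUTHUserErrorTime` are the settings proposed in the post; the class name, the counting window (assumed equal to `AUTHUserErrorTime`) and the choice to refuse every later attempt from a blacklisted IP are assumptions.

```python
import time

class CrossIPAuthGuard:
    """Counts bad AUTH attempts per local account across all source IPs."""

    def __init__(self, local_users, max_errors_all_ips=5,
                 user_error_time=3600, clock=time.time):
        self.local_users = set(local_users)
        self.max_errors = max_errors_all_ips   # proposed MaxAUTHErrorsAllIPs
        self.flag_time = user_error_time       # proposed AUTHUserErrorTime (seconds)
        self.clock = clock                     # injectable so tests can move time
        self.failures = {}       # user -> timestamps of recent bad logins
        self.flagged_until = {}  # user -> time when auto-blacklist mode ends
        self.blacklist = set()   # IPs that failed AUTH against a flagged account

    def is_flagged(self, user):
        return self.clock() < self.flagged_until.get(user, 0)

    def record(self, user, ip, success):
        """Return 'ok', 'fail', 'flagged' or 'blocked' for one AUTH attempt."""
        now = self.clock()
        if ip in self.blacklist:
            return "blocked"              # assumption: blacklisted IPs are refused
        if success:
            return "ok"                   # the real owner still gets in while flagged
        if user not in self.local_users:
            return "fail"                 # only real local account names are tracked
        if self.is_flagged(user):
            self.blacklist.add(ip)        # further invalid logins go on the blacklist
            return "blocked"
        # Keep only failures inside the window, whatever IP they came from.
        recent = [t for t in self.failures.get(user, []) if now - t < self.flag_time]
        recent.append(now)
        self.failures[user] = recent
        if len(recent) >= self.max_errors:
            self.flagged_until[user] = now + self.flag_time
            self.failures[user] = []
            return "flagged"
        return "fail"
```

The IPs that produced the failures before the threshold was reached are not blacklisted here, so a user who mistyped a password a few times is not locked out by the account entering flagged mode.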

