Bill Moseley <[EMAIL PROTECTED]> wrote on 08/17/2007 10:32:36 AM:
> On Fri, Aug 17, 2007 at 03:56:23PM +0100, Carl Johnstone wrote:
> >
> > >Anyone doing something like this already? Suggestions? Caveats?
> >
> >
> > You'll almost certainly have to log it per-IP address rather than a
> > cookie or session or anything like that. Any real password-cracking bot is
> > unlikely to honour your cookies or session identifiers.
>
> No, not by IP. Just keyed by login. This is at the application
> layer. The logs will also be watched for other patterns.
Also many web password cracker apps use a huge list of open proxy servers
and bot farms to farm out the requests -- so tying to the IP may not help
at all. On the same note, tracking IP->login name->failures and looking for
a pattern of many IP addresses may also give you another insight into
potential crackers.
-Wade
_______________________________________________
List: [email protected]
Listinfo: http://lists.rawmode.org/mailman/listinfo/catalyst
Searchable archive: http://www.mail-archive.com/[email protected]/
Dev site: http://dev.catalyst.perl.org/
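
The approach discussed in this thread, sketched as an added example that is not code from any poster or from Catalyst: failures are keyed by login name, and the source IP of each failure is kept so that a login being tried from many addresses stands out. The log format, thresholds, class and function names are assumptions, and the sample lines are constructed.

```python
from collections import defaultdict, deque

WINDOW = 300       # seconds of failure history kept per login (assumed value)
MAX_FAILURES = 5   # failures per login inside the window before throttling (assumed)
MANY_IPS = 3       # distinct source IPs per login that suggest proxies/bot farm (assumed)


class FailureTracker:
    """Tracks failed logins keyed by login name, remembering each source IP."""

    def __init__(self):
        self._events = defaultdict(deque)  # login -> deque of (timestamp, ip)

    def record_failure(self, login, ip, ts):
        """Record one failure; return the set of flags now raised for this login."""
        q = self._events[login]
        q.append((ts, ip))
        while q and q[0][0] <= ts - WINDOW:  # expire events older than the window
            q.popleft()
        flags = set()
        if len(q) >= MAX_FAILURES:
            flags.add("throttle")       # too many failures, whatever the source
        if len({addr for _, addr in q}) >= MANY_IPS:
            flags.add("distributed")    # same login tried from many addresses
        return flags


# Constructed sample of failed logins: "<unix-ts> <login> <source-ip>"
SAMPLE = """\
1000 alice 192.0.2.10
1005 alice 198.51.100.7
1010 bob 203.0.113.5
1012 alice 203.0.113.44
1020 bob 203.0.113.5
1030 carol 192.0.2.99
1031 carol 192.0.2.99
1032 carol 192.0.2.99
1033 carol 192.0.2.99
1034 carol 192.0.2.99
"""


def run(text):
    """Feed failure lines through the tracker; return {login: flags raised}."""
    tracker, alerts = FailureTracker(), {}
    for line in text.splitlines():
        ts, login, ip = line.split()
        flags = tracker.record_failure(login, ip, int(ts))
        if flags:
            alerts.setdefault(login, set()).update(flags)
    return alerts
```

Keying by login catches the alice case, which a per-IP counter would miss because each address fails only once.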