On Fri, Aug 17, 2007 at 02:33:21PM -0400, Perrin Harkins wrote:
> > I'm just thinking of blocking specific logins when too many failed
> > logins are attempted.
>
> That works if they keep hitting the same login with different
> passwords. Are you concerned about them trying many logins with a
> common password? ("secret") That wouldn't be caught.
For this I'm talking about someone trying many passwords on one login.
Logins may be easier to figure out if you know something about the
user base (names or email addresses).
But, I suppose one could use either the login or password (or both
separately) as the key to the cache entry counting failed logins.
--
Bill Moseley
[EMAIL PROTECTED]
_______________________________________________
List: [email protected]
Listinfo: http://lists.rawmode.org/mailman/listinfo/catalyst
Searchable archive: http://www.mail-archive.com/[email protected]/
Dev site: http://dev.catalyst.perl.org/
