How the ssh tunnel is probably the best and only real secure option. If anyone can point me towards a tutorial for this, that would be awesome.

Thinking about another solution: how about adding a username? This would make brute force even harder. As far as my novice knowledge goes, servers like Apache and nginx... record all requests. Writing a script catching all requests to the appadmin login shouldn't be too hard. Now one could use a cron job to check that list every 5 min, for example. If the login page is called more than 5 times: block access to appadmin for 20 min.

Those are just my thoughts; I haven't tested any of this, and I'm not sure if it would work.

On 01.06.2013 22:56, "BlueShadow" <[email protected]> wrote:
> Hi,
> Overall web2py is pretty safe as far as I know.
> https://scanmyserver.com/ shows for my web2py app 6 "low priority" risks. As
> far as I'm concerned they are very low priority, but since I started to
> record all errors (code 400 404 500) in a database table I get a little
> concerned, since my very small site gets on some days 20 attacks. They are
> pretty primitive as far as I can tell. Trying to call admin page or
> /wp-login ... trying to add code after the URL...
> So my concern is not the site itself but the appadmin. It is only
> protected by a password and as far as I can tell there is no brute force
> protection like a timeout after 3 or five misspelled passwords.
> I don't know if I'm just paranoid, but I can't record if there are attempts
> to access appadmin and there is no timeout for the password.
> I would welcome your thoughts on this issue.
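The log-scanning idea from the reply above (check every 5 minutes, block for 20 minutes after more than 5 requests), sketched as an added example that is not part of the original thread. It assumes the Apache/nginx combined access-log format and that appadmin requests contain `/appadmin` in the path; the `/myapp/...` paths and the addresses in the sample log are constructed, and applying the returned block list (firewall or web-server rule) is left to the caller.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Assumed, not from the thread: combined log format and "/appadmin" in the path.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "[A-Z]+ (\S+)[^"]*" \d{3}')
WINDOW = timedelta(minutes=5)      # cron interval from the post
MAX_HITS = 5                       # "more than 5 times"
BLOCK_FOR = timedelta(minutes=20)  # block duration from the post


def parse(line):
    """Return (client_ip, timestamp, path) or None for an unparseable line."""
    m = LOG_RE.match(line)
    if not m:
        return None
    try:
        when = datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z")
    except ValueError:
        return None
    return m.group(1), when, m.group(3).split("?", 1)[0]


def find_offenders(lines, now, marker="/appadmin"):
    """Map each IP with more than MAX_HITS hits in the last WINDOW to its block end."""
    hits = defaultdict(list)
    for ip, when, path in filter(None, map(parse, lines)):
        if marker in path and now - WINDOW <= when <= now:
            hits[ip].append(when)
    return {ip: max(ts) + BLOCK_FOR for ip, ts in hits.items() if len(ts) > MAX_HITS}


def sample_log(now):
    """Constructed log lines: one noisy client, one normal client, stale hits."""
    def line(ip, when, path):
        return '%s - - [%s] "POST %s HTTP/1.1" 200 512' % (
            ip, when.strftime("%d/%b/%Y:%H:%M:%S %z"), path)
    noisy = [line("203.0.113.7", now - timedelta(seconds=20 * i), "/myapp/appadmin/index")
             for i in range(6)]
    quiet = [line("198.51.100.4", now - timedelta(minutes=1), "/myapp/appadmin/index?x=1"),
             line("198.51.100.4", now - timedelta(minutes=2), "/myapp/default/index")]
    stale = [line("203.0.113.9", now - timedelta(minutes=30), "/myapp/appadmin/index")] * 9
    return noisy + quiet + stale + ["not a log line"]


if __name__ == "__main__":
    now = datetime(2013, 6, 1, 23, 0, tzinfo=timezone.utc)
    for ip, until in find_offenders(sample_log(now), now).items():
        print(ip, "blocked until", until.isoformat())
```

Requests older than the 5-minute window are ignored, so a client that was noisy half an hour ago is not blocked again on a later run.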

