On 05/03/2010 04:43, Tony Nelson wrote:
On 10-03-04 20:22:15, Frank Cusack wrote:
On 3/4/10 6:42 PM -0500 Tony Nelson wrote:
Looking at the source, I see that there are no options. It tarpits a bit, but currently has no limit on the number of attempts. I'll see what I can do.
I think it's a brilliant idea. After one login attempt, all others on the same connection should fail.
A fan! Anyway, there should at least be a choice. Not that I've coded a choice, just a dumb patch -- see attachment. It's a bit of a compromise, with a hard-coded limit of 4 attempts. Maybe I'll lower it to 2.
I would be all in favour of a setting like this because it's easier to configure than fail2ban...
...but at least my public-facing servers seem to be receiving trickle scans, where there is definite evidence of a slow distributed brute-forcer that uses multiple IPs to try multiple usernames, and I probably only see each IP a few times a day. This is quite hard to defend against without some kind of distributed system (and I believe there are such things?)
Good luck
Ed W
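The slow distributed scan Ed describes is exactly what a per-IP counter (whether fail2ban's maxretry/findtime or a per-connection attempt limit like the patch above) cannot see: each address fails once or twice a day, so no per-IP threshold ever trips. The following is an added example, not code from the thread, from the patch attachment, or from Dovecot. It parses a handful of constructed imap-login failure lines (the line layout is an assumed Dovecot-1.x-style format, the addresses are documentation ranges, and the year 2010 is assumed because syslog timestamps carry none), runs a fail2ban-style per-IP rule over them, and then runs a cross-source rule that counts distinct failing addresses in one sliding window. The window size and the distinct-IP threshold are illustrative choices.

```python
import re
from collections import deque
from datetime import datetime, timedelta

# Constructed sample log (not from the original thread).  Layout follows a
# Dovecot-1.x-style imap-login "auth failed" disconnect line; this is an
# assumption about the format, not a capture from a real server.
SAMPLE_LOG = """\
Mar  5 00:01:10 mail dovecot: imap-login: Disconnected (auth failed, 1 attempts): user=<admin>, method=PLAIN, rip=203.0.113.10, lip=198.51.100.1
Mar  5 01:14:32 mail dovecot: imap-login: Disconnected (auth failed, 1 attempts): user=<root>, method=PLAIN, rip=203.0.113.22, lip=198.51.100.1
Mar  5 02:30:05 mail dovecot: imap-login: Disconnected (auth failed, 1 attempts): user=<info>, method=PLAIN, rip=198.51.100.7, lip=198.51.100.1
Mar  5 03:45:51 mail dovecot: imap-login: Disconnected (auth failed, 1 attempts): user=<admin>, method=PLAIN, rip=203.0.113.10, lip=198.51.100.1
Mar  5 04:12:19 mail dovecot: imap-login: Disconnected (auth failed, 1 attempts): user=<test>, method=PLAIN, rip=192.0.2.44, lip=198.51.100.1
Mar  5 05:03:40 mail dovecot: imap-login: Disconnected (auth failed, 1 attempts): user=<sales>, method=PLAIN, rip=198.51.100.91, lip=198.51.100.1
Mar  5 05:50:02 mail dovecot: imap-login: Disconnected (auth failed, 1 attempts): user=<admin>, method=PLAIN, rip=192.0.2.130, lip=198.51.100.1
Mar  5 07:20:33 mail dovecot: imap-login: Disconnected (auth failed, 1 attempts): user=<postmaster>, method=PLAIN, rip=203.0.113.22, lip=198.51.100.1
Mar  5 08:00:00 mail dovecot: imap-login: Disconnected (auth failed, 1 attempts): user=<ed>, method=PLAIN, rip=192.0.2.9, lip=198.51.100.1
"""

# Matches only failed-auth disconnects; successful logins and other noise are skipped.
LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d\d:\d\d:\d\d) \S+ dovecot: "
    r"\S+-login: Disconnected \(auth failed, \d+ attempts\): "
    r"user=<(?P<user>[^>]*)>.*?rip=(?P<rip>[0-9.]+)"
)


def parse_failures(log_text, year=2010):
    """Return a time-sorted list of (timestamp, user, remote_ip) failure events.
    Syslog timestamps have no year, so one is supplied (2010 assumed here)."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        events.append((ts, m["user"], m["rip"]))
    events.sort()
    return events


def per_ip_bans(events, maxretry=5, findtime=timedelta(seconds=600)):
    """fail2ban-style rule: ban an address that fails maxretry times within
    findtime.  Each address is judged on its own history only."""
    recent = {}  # ip -> deque of failure timestamps still inside findtime
    banned = set()
    for ts, _user, ip in events:
        q = recent.setdefault(ip, deque())
        q.append(ts)
        while q and ts - q[0] > findtime:
            q.popleft()
        if len(q) >= maxretry:
            banned.add(ip)
    return banned


def distributed_alert(events, window=timedelta(hours=6), min_ips=5):
    """Cross-source rule: alert the first time at least min_ips distinct
    addresses have failed auth inside one sliding window, no matter how few
    attempts any single address made.  Returns (trip_time, sorted_ips) or None."""
    recent = deque()  # (timestamp, ip) pairs still inside the window
    for ts, _user, ip in events:
        recent.append((ts, ip))
        while recent and ts - recent[0][0] > window:
            recent.popleft()
        ips = {i for _, i in recent}
        if len(ips) >= min_ips:
            return ts, sorted(ips)
    return None


if __name__ == "__main__":
    evs = parse_failures(SAMPLE_LOG)
    print("failures parsed:", len(evs))
    print("per-IP bans (maxretry=5/600s):", per_ip_bans(evs))
    print("per-IP bans (maxretry=2/600s):", per_ip_bans(evs, maxretry=2))
    print("distributed alert:", distributed_alert(evs))
```

On this input the per-IP rule bans nothing even at maxretry=2, because no address repeats within ten minutes, while the distinct-address rule trips at 05:03:40 after five different sources have failed. The caveat is tuning: a whole-server distinct-IP count must sit above the site's normal background of legitimate typo failures, or a large user base will trip it on its own; counting distinct sources per target username is one narrower variant, but it misses a scan that spreads across many names as Ed's does.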