2009-12-01, 09:23 AM   #10
gmr324
Quote:
You need a script that tracks access and stops it. If you just use htaccess, then the hacker can just keep hitting it with a brute force until they find the right user/pass combos. A script would block them after x attempts and make it tougher (not impossible).

This is a very good point. In fact, with Phantom Frog, we offer a Brute
Force Attack Protection feature. Too many 401 errors on an IP
address will get the IP address blocked. If the IP address has been
associated with brute force, we remember/block the IP address. It
doesn't matter whether there were 10K attempts or 5K attempts from
that IP address ... it's the IP address we block.

The other key to stopping the brute force attack is this: if they do get
a password, Phantom Frog catches the abused password almost
immediately using High-Resolution Geo-IP tracking ... pretty soon the
hackers get frustrated and go somewhere else. Geo-IP tracks all
accesses to the members area down to the city level. We offer a free
trial of Geo-IP Pass Abuse Detection.

This is in addition to our Automated Member Support (AMS) feature
which provides 24/7 uninterrupted access to legit members and none to
hackers.

Thanks

George
__________________
Next Gen Password Protection
PhantomFrog
Email: George@PhantomFrog.com
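
The approach discussed in this post (count 401 responses per IP address and block the address once it crosses a threshold), as an added example that is not part of the original post and is not Phantom Frog's code. It assumes an Apache common/combined-format access log; the threshold, the 10-minute window and the function names are assumptions, and the sample log lines are constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Apache common/combined log prefix: client, ident, auth user, time, request, status
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] "[^"]*" (?P<status>\d{3}) ')
MAX_401 = 5                      # assumed threshold (the "x attempts" in the quote)
WINDOW = timedelta(minutes=10)   # assumed counting window

def find_blocked_ips(lines, max_401=MAX_401, window=WINDOW, blocked=None):
    """Return IPs to block: those already remembered in `blocked`, plus any
    that sent max_401 failed credential attempts within `window`."""
    blocked = set(blocked or ())
    recent = defaultdict(deque)          # ip -> timestamps of recent failures
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["status"] != "401" or m["ip"] in blocked:
            continue
        # A browser's first request to a Basic-auth area gets a 401 with no
        # user name ("-"); only count 401s where credentials were supplied.
        if m["user"] == "-":
            continue
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        q = recent[m["ip"]]
        q.append(ts)
        while ts - q[0] > window:        # forget failures older than the window
            q.popleft()
        if len(q) >= max_401:
            blocked.add(m["ip"])         # remembered from now on
            del recent[m["ip"]]
    return blocked

def deny_rules(blocked):
    """Render Apache 2.2-style .htaccess lines for the blocked addresses."""
    return [f"Deny from {ip}" for ip in sorted(blocked)]

REQ = '"GET /members/ HTTP/1.1"'
SAMPLE_LOG = [  # constructed sample lines, not real traffic
    f'198.51.100.7 - - [01/Dec/2009:09:00:00 -0500] {REQ} 401 401',
    f'198.51.100.7 - alice [01/Dec/2009:09:00:05 -0500] {REQ} 200 5120',
] + [f'203.0.113.9 - admin [01/Dec/2009:09:01:{s:02d} -0500] {REQ} 401 401'
     for s in range(0, 12, 2)]

if __name__ == "__main__":
    print("\n".join(deny_rules(find_blocked_ips(SAMPLE_LOG))))
```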