More often than not, hackers try multiple accounts one after the other until the account is blocked, then they move onto another set of user names until blocked, then another, and another, and another. The problem with this is the accounts are being blocked, not the attacker, but the purpose is to block the attacker, not the user! Its backwards.
My suggestion is to add an option somewhere to block a specified amount of login attempts by the connected IP address. So if the IP address of 255.255.255.255 fails to login 10 times, regardless of what username they are trying, the IP address they are using would be banned for a specified amount of time.
In my opinion, setting this up properly would have an end result in 1 or 2 temporarily locked accounts with a banned IP for 24 hours. In the current environment, this would result in an unlimited number of locked accounts with likely 0 banned IP addresses.
2 posts • Page 1 of 1
To take this setting a step further in the "Smart" direction, any accounts blocked by an IP address that has been banned for these actions would be automatically unlocked since the attacker has been banned.
Who is online
Users browsing this forum: No registered users and 5 guests