08-07-2009, 03:15 PM
The Addict
The only way to prevent a brute-force attack is to count the number of login attempts and ban the user after so many; however, this becomes cumbersome when a user has legitimately forgotten their password and therefore is forced to go through an entire password recovery process. Sometimes, I'll set the number somewhat high so I can avoid this (like 10 attempts).
The connection is closed by their IP because they're the ones trying to connect. And on failure they'll close the connection and retry a login.
Regarding what I said before, I see now it's shell access, so I would suggest simply doubling up the complexity of your password (an un-caged SSH password should be complex already, but just to make sure) and banning that IP.
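The attempt counting described in the post above, as an added example that is not part of the original thread: it counts failed SSH password attempts per source IP in an sshd auth log and lists the IPs that reach the post's threshold of 10. The 10-minute window, the `ips_to_ban` and `_line` names, and the log lines are assumptions constructed for the example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

MAX_ATTEMPTS = 10                 # threshold mentioned in the post
WINDOW = timedelta(minutes=10)    # assumption: the post gives no time window

# OpenSSH logs failures as "Failed password for [invalid user] NAME from IP port N ssh2"
FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?\S+ from (?P<ip>\S+) port \d+"
)

def ips_to_ban(lines, year=2009):
    """Return source IPs with MAX_ATTEMPTS or more failures inside WINDOW, in detection order."""
    recent = defaultdict(deque)   # ip -> timestamps of failures still inside the window
    banned = []
    for line in lines:
        m = FAILED.match(line)
        if not m:
            continue              # successful logins and unrelated lines are ignored
        # syslog timestamps carry no year, so the caller supplies it
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        q = recent[m["ip"]]
        q.append(ts)
        while ts - q[0] > WINDOW: # drop failures that have aged out of the window
            q.popleft()
        if len(q) >= MAX_ATTEMPTS and m["ip"] not in banned:
            banned.append(m["ip"])
    return banned

def _line(minute, second, msg):
    """Build one constructed sshd log line (hypothetical host name and PID)."""
    return f"Aug  7 15:{minute:02d}:{second:02d} host sshd[4321]: {msg}"

# Constructed sample: one source hammering root, one user mistyping three times
SAMPLE = [_line(1, s, "Failed password for root from 203.0.113.7 port 40000 ssh2")
          for s in range(0, 48, 4)]
SAMPLE += [_line(2, s, "Failed password for alice from 198.51.100.20 port 51000 ssh2")
           for s in (5, 20, 40)]
SAMPLE.append(_line(3, 0, "Accepted password for alice from 198.51.100.20 port 51000 ssh2"))

if __name__ == "__main__":
    print(ips_to_ban(SAMPLE))
```

The returned list is what would be handed to whatever does the banning, such as a firewall rule or a deny list.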