On Mon, Feb 9, 2009 at 6:21 PM, Markos Gogoulos <mgogou...@gmail.com> wrote:
> Hi all,
>
> I'm using django-registration to handle logins, registrations etc. It is
> very handy and easy to set up, but allows unlimited login attempts, and thus
> people can brute-force any django-application!
>
> So far I've been using fail2ban to ban users that brute force passwords. I
> would be interested to hear how you handle this from within django! Are you
> aware of some patch/code or blog entry where I can find more information?

Simon Willison published an interesting blog on this exact topic just
after the successful dictionary attack on Twitter. He includes some
references to other approaches, as well as a fully worked example
based on using memcached.

http://simonwillison.net/2009/Jan/7/ratelimitcache/

Yours,
Russ Magee %-)
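
An added illustration of the cache-backed approach mentioned in the reply above (not code from this thread or from the linked blog post): a failed-login throttle that counts failures per client IP and username in per-minute cache buckets. `LocalCache` is a constructed in-process stand-in for a memcached client, and the class names, key format and limits are assumptions.

```python
import hashlib
import time


class LocalCache:
    """In-process stand-in for a memcached client (hypothetical, for this example)."""
    def __init__(self, clock=time.time):
        self._clock = clock
        self._data = {}  # key -> (value, expires_at)

    def get(self, key):
        value, expires = self._data.get(key, (None, 0))
        return value if expires > self._clock() else None

    def add(self, key, value, ttl):
        # Like memcached "add": store only if the key is absent or expired.
        if self.get(key) is not None:
            return False
        self._data[key] = (value, self._clock() + ttl)
        return True

    def incr(self, key):
        value = self.get(key) + 1
        self._data[key] = (value, self._data[key][1])
        return value


class LoginThrottle:
    """Block logins for an IP/username pair after too many recent failures."""
    def __init__(self, cache, limit=5, window=60, windows=5, clock=time.time):
        self.cache, self.limit, self.window = cache, limit, window
        self.windows, self.clock = windows, clock

    def _key(self, ip, username, bucket):
        # Hash the username: memcached keys cannot hold spaces or control bytes.
        user = hashlib.sha256(username.lower().encode()).hexdigest()
        return "loginfail:%s:%s:%d" % (ip, user, bucket)

    def record_failure(self, ip, username):
        key = self._key(ip, username, int(self.clock() // self.window))
        # add() then incr() keeps the count correct when two requests race.
        self.cache.add(key, 0, self.window * self.windows)
        self.cache.incr(key)

    def is_blocked(self, ip, username):
        newest = int(self.clock() // self.window)
        keys = (self._key(ip, username, newest - i) for i in range(self.windows))
        return sum(self.cache.get(k) or 0 for k in keys) >= self.limit
```

In a login view, `is_blocked` would be checked before authenticating and `record_failure` called only when authentication fails, so successful logins do not consume the budget.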
