Is there a way to configure the server so that malicious users cannot try multiple log-in attempts without reconnecting? Ideally I would like to be able to configure the connection to be dropped after 3 invalid attempts at the password.
I've just been watching someone hit a server trying to log in as 'admin' with thousands of different passwords. Obviously we would not have obvious user ids but the effect of this is to flood the server to the extent that regular users are failing to connect. There is also a remote possibility that given enough time the cracker could get lucky and get a real user id / password. How do you recommend we protect the server against this form of attack? Thanks John Garrould
