Hi,
I had the same issue, so I ended up developing a script to run
through the logs and match failed logins from the same IP during a given
time period. Whenever an IP address failed over a given amount of
logins, the script would generate a .htaccess file, thus preventing the
IP from accessing the site.
Note that this is just the basic concept of this mechanism, it would
be advisable to implement some kind of history and unblock mechanism,
because the thresholds will end up failing one way or another.
--
Best regards,
Filipe Azevedo
Jacky Chan wrote:
Hi all,
I am wondering whether Horde-IMP has this function for security concerns.
I used IMP as Horde authentication application.
But I logged there are plenty login failure record generated for IMP.
And the username is obivously generated from dictionary.
And the login retry period is so short from one IP that seems to be machine
generated.
That let me believe that I was under dictionary attack.
I would like to ask IMP or Horde can deny the IP when number of login
failure over certain limit in short range? Or Horde/IMP doesn't handle,
please give me hints on this from third party.
Thanks.
Regards,
Jacky
--
IMP mailing list - Join the hunt: http://horde.org/bounties/#imp
Frequently Asked Questions: http://horde.org/faq/
To unsubscribe, mail: imp-unsubscr...@lists.horde.org
