Hi,
I am in front of a security issue. We are running several site using
modperl. Last days, a hacker used a script to call some script of our sites
for bad purpose. He needed to be authenticated, but we are only using
session cookies. Then, once he was loged in, he could retrieve this id and
I've had people run password guessing scripts and stuff.
I've handled it on a case by case basis, ie, limit the number
of wrong guesses.
There are a bunch of modules that can set limits as well which
can come in handy against very brutish sorts of misuses of your site,.
I used mod_throttle.c,
Try this.
http://www.snert.com/Software/mod_throttle/
Tor.
fred wrote:
Hi,
I am in front of a security issue. We are running several site using
modperl. Last days, a hacker used a script to call some script of our sites
for bad purpose. He needed to be authenticated, but we are only
I am in front of a security issue. We are running several site using
modperl. Last days, a hacker used a script to call some script of our
sites
for bad purpose. He needed to be authenticated, but we are only using
session cookies. Then, once he was loged in, he could retrieve this id
and