Another option is to lower the throughput (number of login requests handled per minute) for that IP address. In this case you should probably use Wicket 2 to optimize session usage.
Erik. Korbinian Bachl schreef: > Bad idea - some ISPs and proxys would be locked out... cachapta would be > solution of choice here. > > Regards > > Korbinian > > > >> -----Ursprüngliche Nachricht----- >> Von: [EMAIL PROTECTED] >> [mailto:[EMAIL PROTECTED] Im Auftrag >> von Johannes Fahrenkrug >> Gesendet: Montag, 6. November 2006 14:01 >> An: wicket-user@lists.sourceforge.net >> Betreff: [Wicket-user] Prevent Brute Force and the like >> >> Hi! >> >> I'd like to prevent brute force attacks on the login page of >> my wicket application. What would be the best approach? This >> is what I'm thinking about doing: Record when the last >> request for the loginpage from a certain IP came in and only >> handle the request when at least a second or two have passed. >> This would have to be done application wide because when an >> attacker uses a tool like cURL a new session is created with >> each request. >> >> So what would you guys suggest? >> >> - Johannes >> >> -- Erik van Oosten http://www.day-to-day-stuff.blogspot.com/ ------------------------------------------------------------------------- Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642 _______________________________________________ Wicket-user mailing list Wicket-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wicket-user