Quote:
Originally posted by angelsofporn
I need a solution quick. I have tons of passwords hacked on our system everyday and it is starting to eat at the bottomline because legitimate subscribers cannot access the accounts they pay for.
We have pennywize in place and it blocks the brute force guys and kills passwords that are being accessed from more than a certain number of subnets in a 24 hour period.
How can i get something like this?
http://members.hardcoretraining.com/?lang=en
This seems to be the way to go.
|
first you should identify how they get in the first place.
- some of them use bruteforce attacks to guess the logins.
- some of them find a backdoor to insert their own user logins into your user management system.
pennywize is good for detecting multiple uses of the same login but you need a solution that blocks brute force attacks at the server connection level as well, so they dont even get to apache.