Quote:
Originally posted by buran
Not to get into all the "my dick is bigger than yours" security shit, the actual code that's listed at the top, brute force hackers will never make a request without supplying a username and password. So they'll always get the 200 OK response....
|
... and the cracking program will move on the the next user/pass combination ...
Quote:
Originally posted by buran
Watch your sessions and just start whacking an IP address that makes more than X number of 401 requests inside X number of minutes. You'll build up a nice big list of proxy IP's.
|
the attack of last night where 500000 requests in less than 3 hours! i filtered out all the unique ips. a list of 712 unique numbers! Well, i;m not gonna put all of them in my iptables scripts, because that'll eat cpu as well.
If anyone is interested in that list contact me ...