|
|
|
|
||||
|
Welcome to the GoFuckYourself.com - Adult Webmaster Forum forums. You are currently viewing our boards as a guest which gives you limited access to view most discussions and access our other features. By joining our free community you will have access to post topics, communicate privately with other members (PM), respond to polls, upload content and access many other special features. Registration is fast, simple and absolutely free so please, join our community today! If you have any problems with the registration process or your account login, please contact us. |
 |
|
|||||||
| Discuss what's fucking going on, and which programs are best and worst. One-time "program" announcements from "established" webmasters are allowed. |
|
|
Thread Tools |
01-09-2005, 03:34 PM
|
#1 |
|
Confirmed User
Join Date: Jan 2005
Posts: 278
|
HTACCESS issue. Proxy brute force attacks. Help me!
How can I limit the number of failed login attempts (passwd authentification thru htaccess) to once every 30 seconds for example to prevent proxy brute force attacks and reduce my server's load? Is there any way to configure mod_auth and add a line in the .htaccess file to do that?
I use pennywize but its not enough. I am getting a massive attack and absolutely need to stop it. Each attack (failed request) is leaving a process unfinished, so the server kills the "child" process left open by the "parent" after a relatively long period of time making the server load very high. Even if I reduce it, getting so many failed requests per second is just too much and I might prevent access to legit members. Thanks in advance for any help you kind people may give me. 
__________________
Alex |
|
|
|
01-09-2005, 03:36 PM
|
#2 |
|
Two fresh affiliate progs
Industry Role:
Join Date: Nov 2004
Location: Inside teen pussy
Posts: 29,602
|
Damn, that sucks. We were getting attacked last week. Our server guys handles it and was having a tough time.
__________________
[email protected] Skype: 17026955414 Vacares Web Hosting - Protect Your Ass with Included Daily Backups |
|
|
|
|
01-09-2005, 03:53 PM
|
#3 | |
|
Confirmed User
Industry Role:
Join Date: Nov 2003
Location: Olongapo City, Philippines
Posts: 4,618
|
Quote:
I'd suggest you contact Ray Morris and ask him. I'm almost positive his Strongbox software will handle this. If he's online he'll probably get it installed right away. I can't speak for him, of course, but he seems to be like that  Ray's ICQ is 7-208-627 |
|
|
|
|
|
01-09-2005, 03:58 PM
|
#4 | |
|
Confirmed User
Join Date: Jan 2005
Posts: 278
|
Quote:
__________________
Alex |
|
|
|
|
|
01-09-2005, 04:11 PM
|
#5 |
|
Confirmed User
Industry Role:
Join Date: Oct 2004
Posts: 145
|
I had the same issues when running just pennywise. I now use proxypass as well, it has stopped all the brute force proxy attacks cold.
http://www.proxypass.com/ I run both pennywise and proxypass because I like the reporting functions for member access with pennywise, they recommend not to it because of server load concerns but I've not had any problem have both running so far. |
|
|
|
|
01-09-2005, 04:12 PM
|
#6 |
|
Confirmed User
Join Date: Mar 2002
Location: Mass Ass
Posts: 5,294
|
__________________
|
|
|
|
|
01-09-2005, 04:22 PM
|
#7 | |
|
Confirmed User
Join Date: Jan 2005
Posts: 278
|
Quote:
__________________
Alex |
|
|
|
|
|
01-09-2005, 04:33 PM
|
#8 |
|
Confirmed User
Industry Role:
Join Date: Oct 2004
Posts: 145
|
Yea, each site is different, you just have to figure out if its worth it for your site. 90$ per month verses wasted time dealing with hacked membership accounts, rebill cancellations and bandwidth usage caused by hacked passwords.
|
|
|
|
|
01-09-2005, 04:38 PM
|
#9 | |
|
Confirmed User
Join Date: Jan 2005
Posts: 278
|
Quote:
__________________
Alex |
|
|
|
|
