HTACCESS issue. Proxy brute force attacks. Help me!

[Miura]

How can I limit the number of failed login attempts (passwd authentification thru htaccess) to once every 30 seconds for example to prevent proxy brute force attacks and reduce my server's load? Is there any way to configure mod_auth and add a line in the .htaccess file to do that?
I use pennywize but its not enough. I am getting a massive attack and absolutely need to stop it. Each attack (failed request) is leaving a process unfinished, so the server kills the "child" process left open by the "parent" after a relatively long period of time making the server load very high. Even if I reduce it, getting so many failed requests per second is just too much and I might prevent access to legit members.
Thanks in advance for any help you kind people may give me.

[NaughtyRob]

Damn, that sucks. We were getting attacked last week. Our server guys handles it and was having a tough time.

[fusionx]

Quote:

Originally Posted by Miura

How can I limit the number of failed login attempts (passwd authentification thru htaccess) to once every 30 seconds for example to prevent proxy brute force attacks and reduce my server's load? Is there any way to configure mod_auth and add a line in the .htaccess file to do that?
I use pennywize but its not enough. I am getting a massive attack and absolutely need to stop it. Each attack (failed request) is leaving a process unfinished, so the server kills the "child" process left open by the "parent" after a relatively long period of time making the server load very high. Even if I reduce it, getting so many failed requests per second is just too much and I might prevent access to legit members.
Thanks in advance for any help you kind people may give me.

There's not much you can do when they are using proxies, at least based on time between login attempts.

I'd suggest you contact Ray Morris and ask him. I'm almost positive his Strongbox software will handle this. If he's online he'll probably get it installed right away. I can't speak for him, of course, but he seems to be like that

Ray's ICQ is 7-208-627

[Miura]

Quote:

Originally Posted by fusionx

There's not much you can do when they are using proxies, at least based on time between login attempts.

I'd suggest you contact Ray Morris and ask him. I'm almost positive his Strongbox software will handle this. If he's online he'll probably get it installed right away. I can't speak for him, of course, but he seems to be like that

Ray's ICQ is 7-208-627

Thank you very much! I'll get in touch with him and see if his soft can help.

[Beerbar]

I had the same issues when running just pennywise. I now use proxypass as well, it has stopped all the brute force proxy attacks cold.

http://www.proxypass.com/

I run both pennywise and proxypass because I like the reporting functions for member access with pennywise, they recommend not to it because of server load concerns but I've not had any problem have both running so far.

[hyper]

http://www.bettercgi.com/strongbox/

[Miura]

Quote:

Originally Posted by Beerbar

I had the same issues when running just pennywise. I now use proxypass as well, it has stopped all the brute force proxy attacks cold.

http://www.proxypass.com/

I run both pennywise and proxypass because I like the reporting functions for member access with pennywise, they recommend not to it because of server load concerns but I've not had any problem have both running so far.

Looks really good but at $50/month I find it expensive. Pennywize + ProxyPass = $90/month.

[Beerbar]

Yea, each site is different, you just have to figure out if its worth it for your site. 90$ per month verses wasted time dealing with hacked membership accounts, rebill cancellations and bandwidth usage caused by hacked passwords.

[Miura]

Quote:

Originally Posted by Beerbar

Yea, each site is different, you just have to figure out if its worth it for your site. 90$ per month verses wasted time dealing with hacked membership accounts, rebill cancellations and bandwidth usage caused by hacked passwords.

Every login is the member's e-mail address + an auto-generated password made of 8 characters with Upper/lowercase characters so all the attempts to hack in always fail. 99% of attacks are dictionary or single word/numbers combinations. I have never had a login compromised in 7 years of running the site. My problem is the server load.