August 7th, 2001, 10:52 PM
Apache authentication: How can I stop password stuffers?
Hello everyone! Im pretty new here, and I was hoping someone here could help suggest a solution for my problem.
My site is constantly under attack from password stuffers, and we are attacked through these stolen logins.
I have tailed my error logs, and noticed that when someone is running one of these proxy based password stuffer programs, they send about 20-100 login/password requests per second!
Does anyone know a way to set "apache authentication" (the standard popup window for username/login entry on webpages) to allow 3 attempts as normal, and after 3 failed, it will require a 60 second latency in between the next attempts?
I have no clue how to stop the attacks, but I figured if i could slow them to a crawl, it would be a pretty good solution.
Thanks for any suggestions, or comments! : )