On 5/7/07, Steve Summit <scs(a)eskimo.com> wrote:
> detect repeated login failures and (a) lock out the
> account,

Which makes it trivial for someone with no account and no password to
any account to effectively block all admins.

> (b) slow way down,

Doable.

> and/or (c) notify the (real) user.

Who doesn't have any ability to affect the login failures, or likely
know where they're coming from, and you just spam them...

IP-based throttles and restricting the same IP from connecting to
multiple different accounts are the main things that come to mind...
how that works with the massively shared IPs (like those country-wide
gateways) is another question. I can think of some ways that might
deal with it, but the technical detail gets a little complex.
-- Jake Nelson
[[en:User:Jake Nelson]]
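
Added example, not part of the original message and not MediaWiki code: a sketch of the per-IP throttle discussed above, which slows an address down after failures and stops it from moving on to further accounts while never locking the account itself. The class name, thresholds and sample addresses are assumptions made for illustration, and shared gateway IPs are not handled.

```python
import time
from collections import deque

WINDOW = 600.0      # seconds of failure history kept per IP (assumed)
MAX_ACCOUNTS = 3    # distinct accounts one IP may fail against per window (assumed)
BASE_DELAY = 1.0    # back-off after the first failure, doubled per failure (assumed)
MAX_DELAY = 300.0   # ceiling on the back-off (assumed)

class LoginThrottle:
    """Per-IP throttle; accounts themselves are never locked."""

    def __init__(self, clock=time.monotonic):
        self.clock = clock
        self.failures = {}  # ip -> deque of (timestamp, account)

    def _recent(self, ip):
        """Drop failures older than WINDOW and return what is left for this IP."""
        q = self.failures.get(ip)
        if q is None:
            return deque()
        cutoff = self.clock() - WINDOW
        while q and q[0][0] <= cutoff:
            q.popleft()
        if not q:
            del self.failures[ip]  # keep memory bounded by active offenders
        return q

    def check(self, ip, account):
        """Call before verifying the password. Returns (allowed, seconds_to_wait)."""
        q = self._recent(ip)
        if not q:
            return True, 0.0
        now = self.clock()
        tried = {a for _, a in q}
        # Same IP failing against many different accounts: refuse new targets
        # until the oldest failure ages out of the window.
        if account not in tried and len(tried) >= MAX_ACCOUNTS:
            return False, q[0][0] + WINDOW - now
        # Otherwise slow down: exponential back-off from the latest failure.
        delay = min(BASE_DELAY * 2 ** min(len(q) - 1, 20), MAX_DELAY)
        wait = max(q[-1][0] + delay - now, 0.0)
        return wait == 0.0, wait

    def record_failure(self, ip, account):
        """Call after a wrong password. Successes are deliberately not used to
        reset the count, so one valid login cannot clear an IP's history."""
        self._recent(ip)
        self.failures.setdefault(ip, deque()).append((self.clock(), account))
```

Because state is keyed on the source address only, a second address can still log in to an account that the first address has been failing against.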