I love the idea and have used this on a few sites.
I have a site that is mainly for users from a single institution. The whole institution is (probably) behind a single IP address. So, a few failed logins from different users could quickly look like a cracker at work, and lock everyone out – not just out of this site, but out of all Brute-Protected site. Or perhaps not – it’s hard to say… the question is: what are the limits? And secondly… can they be made configurable? (e.g. “Don’t report the IP to BruteProtect central unless it has X failures within Y minutes” – depending on how BP actually works under the hood).
- The topic ‘How many attempts?’ is closed to new replies.