26.11.2018, 13:06
People have dynamic IPs nowadays, so banning them isn't effective, unless you do it temporarily.
You can have this type of mechanism in place:
Use multiple passwords. Each password with its own hint.
Before you attempt a login, you check the hint, so you know what password to use.
Every time a login attempt is made, the password is changed, even if the login is successful.
Password should change by itself every 15 seconds (without any login attempts).
If there are multiple failed attempts within a second by the same IP, you ban that IP for 15 - 30 min.
With this system, if you have at least 15 passwords, no one should be able to break into your server.
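The mechanism described in the post above, as an added example that is not the poster's own code: a pool of hinted passwords, the server publishes the hint of the currently active one, the active password rotates on every attempt and after 15 idle seconds, and an IP that fails repeatedly within one second is banned for 15 to 30 minutes. Everything not stated in the post is an assumption here: the burst limit of 3 failures, PBKDF2 for storing the passwords, the class and method names, and the injectable `clock` and `rng` parameters (present only so the example can be driven deterministically).

```python
import hashlib
import hmac
import secrets
import time
from collections import defaultdict, deque

ROTATE_SECONDS = 15             # password changes by itself after this much idle time
BURST_WINDOW = 1.0              # "multiple failed attempts within a second"
BURST_LIMIT = 3                 # failures inside BURST_WINDOW that trigger a ban (assumed)
BAN_MIN, BAN_MAX = 15 * 60, 30 * 60   # ban length in seconds, 15 to 30 minutes
MIN_PASSWORDS = 15              # "at least 15 passwords"


def _derive(password: str, salt: bytes) -> bytes:
    # PBKDF2 is an assumption; the post does not say how passwords are stored.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 20_000)


class RotatingPasswordGate:
    """Hypothetical login gate implementing the hinted, rotating password scheme."""

    def __init__(self, hinted_passwords, clock=time.monotonic, rng=secrets.randbelow):
        if len(hinted_passwords) < MIN_PASSWORDS:
            raise ValueError(f"need at least {MIN_PASSWORDS} passwords")
        self._clock = clock
        self._rng = rng
        self._entries = []                     # (hint, salt, derived key)
        for hint, pw in hinted_passwords:
            salt = secrets.token_bytes(16)
            self._entries.append((hint, salt, _derive(pw, salt)))
        self._idx = rng(len(self._entries))    # currently active password
        self._rotated_at = clock()
        self._failures = defaultdict(deque)    # ip -> timestamps of recent failures
        self._banned_until = {}                # ip -> time the ban expires

    def _rotate(self):
        n = len(self._entries)
        # Pick any entry other than the current one, so the password always changes.
        self._idx = (self._idx + 1 + self._rng(n - 1)) % n
        self._rotated_at = self._clock()

    def _rotate_if_idle(self):
        if self._clock() - self._rotated_at >= ROTATE_SECONDS:
            self._rotate()

    def current_hint(self) -> str:
        """The hint a client checks before attempting a login."""
        self._rotate_if_idle()
        return self._entries[self._idx][0]

    def is_banned(self, ip: str) -> bool:
        until = self._banned_until.get(ip)
        if until is None:
            return False
        if self._clock() >= until:
            del self._banned_until[ip]         # temporary ban has expired
            return False
        return True

    def attempt(self, ip: str, password: str) -> str:
        """Returns 'ok', 'denied' or 'banned'."""
        now = self._clock()
        self._rotate_if_idle()
        if self.is_banned(ip):
            return "banned"
        _hint, salt, expected = self._entries[self._idx]
        ok = hmac.compare_digest(_derive(password, salt), expected)
        self._rotate()                          # every attempt rotates, successful or not
        if ok:
            self._failures.pop(ip, None)
            return "ok"
        recent = self._failures[ip]
        recent.append(now)
        while recent and now - recent[0] > BURST_WINDOW:
            recent.popleft()                    # forget failures older than the window
        if len(recent) >= BURST_LIMIT:
            self._banned_until[ip] = now + BAN_MIN + self._rng(BAN_MAX - BAN_MIN + 1)
            recent.clear()
        return "denied"


if __name__ == "__main__":
    pool = [(f"hint-{i}", f"pw-{i}") for i in range(15)]   # constructed sample pool
    gate = RotatingPasswordGate(pool)
    hint = gate.current_hint()
    print(hint, gate.attempt("203.0.113.5", dict(pool)[hint]))
```

The client side of the exchange is the `current_hint()` call followed by `attempt()` with the matching password; because the active entry changes after every attempt, a password captured from one login is rejected on the next.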