[wp-hackers] Limit Login Attempts
David Anderson
david at wordshell.net
Tue Apr 16 16:10:32 UTC 2013
I wonder if Spamhaus's XBL - http://www.spamhaus.org/xbl/ - would help.
Does anyone have a sample list of IP addresses involved in the current
attacks? Fancy checking them against the XBL? What percentage would be
blocked if you deployed a plugin that blocks IP addresses on the XBL
from logging in?
David
On 16/04/13 16:59, David Anderson wrote:
> With the present attacks, per-IP blocks are not necessarily effective,
> because the attackers have vast numbers of IPs.
>
> The attack is distributed. So why shouldn't we build a distributed
> defence?
>
> Produce a plugin that, before allowing login, verifies the connecting
> IP against a source in the cloud. All that's needed is someone to
> provide that source in the cloud. "Dear cloud - what do you think of
> that IP" "Well, that IP has had A failed logins on B different
> WordPress sites in C different countries in the last D minutes" (tweak
> accordingly to have a sensible algorithm, etc.).
>
> That's a gap in the market for someone to earn some community credit,
> or money, from.
>
> David
>
>> --
>> WordShell - WordPress fast from the CLI - www.wordshell.net
>
> --
> WordShell - WordPress fast from the CLI - www.wordshell.net
More information about the wp-hackers
mailing list