Suggestion: Block IP for webserver access after X unsuccesful tries
  • Hi! I had an hacker trying to brute force into my SecuritySpy webserver with "admin" and several thousand passwords. Firewall IDS dected it but I but I would welcome a block on IP basis in SecuritySpy after X unsuccessful logins.

    Thanks!
  • SecuritySpy already detects this situation and delays its responses after several failed login attempts. This limits the frequency at which an attacker can attempt to brute-force the password, making it virtually impossible to guess a strong password. So I think the current protection is strong, though perhaps an additional automatic temporary block, in addition to the delay, would be a good idea - we'll see what we can do for the next update.

Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!