Open chfoo opened 9 years ago
The authentication code throws HTTP 401 but it doesn't stall or block the client. This makes it feasible for a brute force attack since the tracker is well capable of handling more than 15000 requests per minute.
A workaround is to use rate limiting on admin URLs, using the web server if supported.
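An application-side alternative to the web-server workaround, as an added example that is not the tracker's own code: a per-client throttle that blocks further credential checks for an exponentially growing time after repeated failures, with a simulation of one client at the 15000 requests per minute mentioned in the issue. The names `FailedAuthThrottle` and `guesses_checked`, the thresholds, and keying on a client address are assumptions made for illustration.

```python
import time
from fractions import Fraction

class FailedAuthThrottle:
    """Block a client for an exponentially growing time after repeated 401s."""

    def __init__(self, free_attempts=5, base_delay=1, max_delay=900,
                 clock=time.monotonic):
        self.free_attempts = free_attempts  # failure count at which blocking starts
        self.base_delay = base_delay        # seconds, doubled per further failure
        self.max_delay = max_delay          # cap on a single block, in seconds
        self.clock = clock
        self._failures = {}
        self._blocked_until = {}

    def allowed(self, client):
        """True if the credential check may run for this client right now."""
        return self.clock() >= self._blocked_until.get(client, 0)

    def record_failure(self, client):
        """Call when authentication fails (the point where 401 is returned)."""
        count = self._failures.get(client, 0) + 1
        self._failures[client] = count
        extra = count - self.free_attempts
        if extra >= 0:
            delay = min(self.base_delay * 2 ** extra, self.max_delay)
            self._blocked_until[client] = self.clock() + delay

    def record_success(self, client):
        """A valid login clears the client's failure history."""
        self._failures.pop(client, None)
        self._blocked_until.pop(client, None)


def guesses_checked(requests_per_minute=15000, seconds=60, throttled=True):
    """Simulate one client sending wrong passwords at a steady rate and
    return how many of them reach the credential check."""
    now = [Fraction(0)]                      # simulated clock, exact arithmetic
    throttle = FailedAuthThrottle(clock=lambda: now[0])
    client = "203.0.113.7"                   # constructed documentation address
    checked = 0
    for i in range(requests_per_minute * seconds // 60):
        now[0] = Fraction(i * 60, requests_per_minute)
        if throttled and not throttle.allowed(client):
            continue                         # would answer 429, no password check
        checked += 1
        throttle.record_failure(client)      # wrong password: 401
    return checked
```

Keying on the client address also blocks legitimate users who share that address, so the thresholds need tuning for the deployment.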