Open rob-mosher opened 7 years ago
These types of things are best handled by servers, not programs. I recommend using servers with firewalls and strong DDOS protection.
I was thinking of installing ModSecurity to address this. It probably won't stand up to a well orchestrated DDoS attack (few things can), but there are enough configuration options to fend off more common attacks. Looks like there's now native support for nginx as well. https://github.com/SpiderLabs/ModSecurity-nginx
Hello and thank you for your work on Zenbership!
I'm unable to find any options or documentation on brute-force protection. Is there any support currently for this? If not, I'd be willing to generate fail2ban logic based off of frontend (./) and admin (./admin/) logins (and any other type deemed necessary.) For this I'd need to know if the logic for logging for failed-login-attempts was consistently in place.