castlamp / zenbership

(2015) Zenbership Membership Software: Achieve Membership Nirvana

fail2ban/brute-force protection support? #99

Open rob-mosher opened 7 years ago

rob-mosher commented 7 years ago

Hello and thank you for your work on Zenbership!

I'm unable to find any options or documentation on brute-force protection. Is there any support currently for this? If not, I'd be willing to generate fail2ban logic based off of frontend (./) and admin (./admin/) logins (and any other type deemed necessary). For this I'd need to know if the logic for logging failed login attempts was consistently in place.

jbelelieu commented 7 years ago

These types of things are best handled by servers, not programs. I recommend using servers with firewalls and strong DDoS protection.

dsnyder0li commented 7 years ago

I was thinking of installing ModSecurity to address this. It probably won't stand up to a well-orchestrated DDoS attack (few things can), but there are enough configuration options to fend off more common attacks. Looks like there's now native support for nginx as well. https://github.com/SpiderLabs/ModSecurity-nginx