codeling
commented
9 years ago Current Ideas for adapting the allowed numbers of failed logins include:
- if IP is whitelisted for given user (whitelisted -> allow more attempts, see also https://github.com/codeling/bfstop/issues/24#issuecomment-66806939)
- if geolocation of IP is close to that of the IP of the server (farther away -> allow less attempts)
- if a common user name (e.g. 'admin') is used (common user name is used -> allow less attempts)
- current overall amount of failed logins (e.g. in the last hour) (if more overall failed logins -> reduce number of attempts before blocking)
- if IP does not resolve to a proper host name via nslookup, allow less atempts (#103)
As elaborated a bit in this comment, one or more policies determining an adaptive number of allowed failed attempts might be useful against distributed brute force attacks.