Yes, teaching users to not choose stupid username/password combinations. That's the only correct/true fix. Are you worried about the traffic that it consumes? If so, you continue to play in dicey territory, since you're trying to deduce harmful bots from potentially stupid users that just can't remember their account information. Yes, it's easy to see in the aftermath with human eyes the difference, seeing it as it happens with code, and being right 100% (which is the only acceptable percentage in the case of usability) is difficult.
I don't personally know if anything exists to do what you want to do, but it shouldn't be incredibly hard to write. You could log all the IPs to the database, compare the frequency, and then what you do with them from there is up to you. You could redirect the user elsewhere, or serve them 404s to make them think the content's gone (could have ill effects on SEO in rare cases). Then you could cron up a purge scenario, after so many days, or if you definitely don't like the IP you could write the IPs out to your firewall's blacklist (at least, easy to do in shorewall). Ironically, doing all that will create potentially more database calls and traffic than just weathering the storm. Your call. Btw, don't mean to be blunt/rude, as that's not my intention. Just dealt with a lot of these scenarios as a sys admin in a former life, and the answer is always to beat users over the head until they stop choosing "god/god" as their username/password combination. On Nov 9, 3:57 pm, Adam Seering <aseer...@mit.edu> wrote: > Hi, > Does there exist any code for Django to help defeat brute-force login > attempts? Something like blocking IP addresses from logging in if they > try and fail too many times, etc. > > Adam --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Django users" group. To post to this group, send email to django-users@googlegroups.com To unsubscribe from this group, send email to django-users+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/django-users?hl=en -~----------~----~----~----~------~----~------~--~---
