[Dshield] password cracking attempt

Jens Knoell jens at ing.twinwave.net
Tue Aug 28 21:50:30 GMT 2001


This is rather tricky. There is no "native" way of restricting the number of
login attempts to a certain page, as far as I know.

The other way is to "manually" script the login, i.e. not using your
webservers native mechanisms. Doing so allows you to implement all kinds of
filters, i.e. temporarily locking out certain IPs and so on.

Jens

----- Original Message -----
From: "Steve Mainwaring" <SteveMainwaring at matthewclark.co.uk>
To: <dshield at dshield.org>
Sent: Tuesday, August 28, 2001 10:11 AM
Subject: [Dshield] password cracking attempt


> On the weekend I received thousands of hits from various european and
asian
> domains. Each were using a password cracking submitter program to try and
> gain access to a members area I have on the website.
>
> Log file shows that one IP address tried logging on with username HTTP but
> 503 different passwords.
>
> a) Why me? do they go around looking for sites with password protected
areas
> and pass the website onto other crackers to share the load?
>
> b) What can I do to prevent this or to limit damage?
>
> It seems the only damage done is that the server slows down a bit.
>
>
> **********************************************************************
> This email and any files transmitted with it are confidential and
> intended solely for the use of the individual or entity to whom they
> are addressed. If you have received this email in error please notify
> the system manager.
>
> **********************************************************************
>
> _______________________________________________
> Dshield mailing list
> Dshield at dshield.org
> To change your subscription options (or unsubscribe), see:
http://www1.dshield.org/mailman/listinfo/dshield
>




More information about the list mailing list