Three Strokes and you are out
I have previously written about Spam entries on the web site and their elimination, but now I turn to 'Invalid Login attempts'.
I have been watching these with interest for a few weeks, and it is particularly interesting to see where they originate from.
Like the Spam entries, a lot of these seem to originate from the Far East. I am currently adopting a policy of immediately blocking 'Administrator Login attempts'. No quarter given; I can think of no valid reasons why they should be tried by anyone other than those authorised to do so.
Turning to normal login attempts, I have a policy of seeing how many different user names are tried from a specific IP address. Once they have tried 3 different ones I immediately block them. I must admit I am building up quite a long list. Perhaps I should generate a graphical display of the sources; it could be quite interesting to see, and watch how it changes over time.
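The two rules above, written out as an added example (not code from this site): it runs over a constructed list of failed-login events and returns the addresses the policy would block. The event format, the `evaluate` function and the set of administrator account names are assumptions made for the illustration.

```python
from collections import defaultdict

# Assumption: which account names count as "Administrator"; the post does not list them.
ADMIN_NAMES = {"admin", "administrator"}
MAX_DISTINCT_USERS = 3  # block once a third different user name is tried

# Constructed sample of failed-login events as (source IP, attempted user name).
# The addresses come from the RFC 5737 documentation ranges.
SAMPLE_EVENTS = [
    ("192.0.2.10", "alice"),
    ("192.0.2.10", "alice"),          # same name retried: counted once
    ("198.51.100.7", "Administrator"),
    ("192.0.2.10", "bob"),
    ("203.0.113.5", "carol"),
    ("192.0.2.10", "test"),           # third distinct name from this address
    ("203.0.113.5", "carol"),
    ("198.51.100.7", "dave"),         # address already blocked, ignored
]


def evaluate(events, threshold=MAX_DISTINCT_USERS, admin_names=ADMIN_NAMES):
    """Return {ip: reason} for every address the policy would block."""
    names_seen = defaultdict(set)     # ip -> distinct user names tried so far
    blocked = {}
    for ip, user in events:
        if ip in blocked:
            continue
        name = user.strip().lower()   # "Alice" and "alice " are the same name
        if name in admin_names:
            blocked[ip] = "administrator login attempt"
            continue
        names_seen[ip].add(name)
        if len(names_seen[ip]) >= threshold:
            blocked[ip] = f"{len(names_seen[ip])} different user names tried"
    return blocked


if __name__ == "__main__":
    for ip, reason in evaluate(SAMPLE_EVENTS).items():
        print(f"block {ip}: {reason}")
```

Counting distinct names rather than raw failures means a genuine user who mistypes one password several times is not blocked by this rule.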
Given a single host country as being the source of a lot of these attempts, one could always block all the IP addresses assigned to that specific country, but it does seem like a 'using a sledgehammer to crack a nut' approach. Possibly I will come round to that approach eventually.
The one single thing that I have not yet investigated is how accurate the IP address actually is. Programs such as 'tor' generate anonymity of the IP address, so do we actually know where they come from at all? If its use became widespread, blocking of IPs might be a little bit of a waste of time anyway!