More than 50% of all locked IP addresses of our Joomla home page do not yield a host name when doing an nslookup. But 100% of our accepted users use an IP address that is associated with a host name. I propose to check new IP addresses using nslookup and block if no hostname is retrieved.
Sounds like a very good idea! That could tie into the idea of the adaptive number of allowed login attempts (#76). I'll have to check, however, how costly one nslookup is on average in comparison to the rest of the request; do you maybe know that? If it were too expensive, it is possible that this could make denial-of-service attacks easier, and outweigh the benefit of knowing some additional information about the potential attacker.
To clarify a bit more, my plugin only comes in after failed login attempts; being able to preemptively block users from accessing the site / the login form before even their first attempt is not a goal of this plugin.
I will however consider name resolution in the adaptive allowed login attempts framework linked to above; since this might incur a performance overhead, I will probably make it optional; further discussion of this implementation will be done at #76.
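One way to keep the lookup cost discussed in this thread bounded, as an added example (not code from the plugin or from #76): the reverse lookup runs only on the failed-login path, its result is cached per IP, and a missing host name lowers the allowed attempts instead of blocking outright. The function names, the cache layout and the thresholds are assumptions; the resolver is injectable and replaced here by a stub with constructed sample data so the script runs offline.

```php
<?php
// Added example, not the plugin's code. Names and thresholds are hypothetical.

/**
 * Returns true if $ip resolves to a host name, false if it does not,
 * and null if $ip is not a valid IP address (no lookup is made then).
 * $resolver defaults to PHP's gethostbyaddr(); pass a stub for testing.
 */
function hasReverseDns(string $ip, array &$cache, ?callable $resolver = null, int $ttl = 3600): ?bool
{
    if (filter_var($ip, FILTER_VALIDATE_IP) === false) {
        return null;
    }
    $now = time();
    if (isset($cache[$ip]) && $cache[$ip]['expires'] > $now) {
        return $cache[$ip]['hasPtr'];   // repeat offender: no new DNS query
    }
    $resolver = $resolver ?? 'gethostbyaddr';
    $host = $resolver($ip);
    // gethostbyaddr() returns the IP unchanged when no name is found
    // and false on malformed input, so neither counts as a host name.
    $hasPtr = is_string($host) && $host !== '' && $host !== $ip;
    $cache[$ip] = ['hasPtr' => $hasPtr, 'expires' => $now + $ttl];
    return $hasPtr;
}

/** Hypothetical policy: fewer attempts for addresses without a host name. */
function allowedAttempts(?bool $hasPtr, int $default = 5, int $reduced = 2): int
{
    return $hasPtr === false ? $reduced : $default;
}

// Constructed sample data: a stub resolver standing in for DNS.
$lookups = 0;
$stub = function (string $ip) use (&$lookups) {
    $lookups++;
    $ptr = ['192.0.2.10' => 'dsl-10.example.net'];
    return $ptr[$ip] ?? $ip;            // mimic gethostbyaddr() on a miss
};

// Each entry represents one failed login attempt from that address.
$cache = [];
foreach (['192.0.2.10', '198.51.100.7', '198.51.100.7', 'not-an-ip'] as $ip) {
    $hasPtr = hasReverseDns($ip, $cache, $stub);
    printf("%-14s ptr=%-5s attempts=%d\n", $ip, var_export($hasPtr, true), allowedAttempts($hasPtr));
}
printf("DNS lookups performed: %d\n", $lookups);
```

In a real plugin the cache would have to persist between requests (for example in a database table), since each PHP request starts with empty memory.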