Delay config documentation #121

Closed
dmitton42 opened this issue Mar 2, 2016 · 3 comments
@dmitton42

I've just installed this on a site that sees attacks every day.

I'd like to see a discussion of what the parameters on the Delay tab do:
What are the units of Delay (seconds, minutes, hours??)
What process/change does Adaptive Delay enable?
Maximum Delay defaults to 0, does that mean off or infinite? Range? Units?
What do Min and Max Threshold do? and again, units?

Thanks.

@codeling
Owner

codeling commented Mar 3, 2016

A short discussion of each parameter is given in the mouse-over hints.
The unit of delays is in seconds - as mentioned in the hint for the "delay" (but not in maximum delay, as I just noticed, but it's the same there).

The adaptive delay process is described in the mouse-over-hint for "Adaptive delay".

It's intended to be a measure against distributed attacks.
The more failed logins there are per hour, the longer the delay that's used before a failed login response is shown.
As soon as the attacks per hour go over the "min. threshold" the adaptive threshold linearly increases, and reaches the maximum of "Maximum delay" seconds when "max. threshold" is reached.

When "adaptive delay" is set to disabled, all settings below don't have any effect; only the "delay" is used by itself for delaying the response to each failed login attempt.

I will put this into the wiki as well. Any comments on the procedure? For upcoming versions I'm planning to improve the defence against distributed attacks through adaptive failed login allowances (which are probably more effective than delaying response), see here: #76

@codeling codeling self-assigned this Mar 15, 2016
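
The adaptive delay described in the comment above, as an added Python sketch that is not the plugin's own code. The field and function names are hypothetical, and two details are assumptions the thread does not state: the ramp starts at the base "delay", and the result stays at "Maximum delay" once "max. threshold" is exceeded.

```python
from bisect import bisect_right
from dataclasses import dataclass

@dataclass(frozen=True)
class DelayConfig:
    # Hypothetical field names mirroring the labels on the Delay tab.
    delay: float          # base delay, seconds
    adaptive: bool        # "Adaptive delay" enabled?
    max_delay: float      # "Maximum delay", seconds
    min_threshold: int    # failed logins/hour where the ramp starts
    max_threshold: int    # failed logins/hour where max_delay is reached

def failures_last_hour(timestamps, now, window=3600):
    """Count failed logins in (now - window, now]; timestamps sorted, in seconds."""
    return bisect_right(timestamps, now) - bisect_right(timestamps, now - window)

def response_delay(cfg, failures_per_hour):
    """Seconds to wait before showing the failed-login response."""
    if not cfg.adaptive or failures_per_hour <= cfg.min_threshold:
        return cfg.delay
    # Assumption: the adaptive value never drops below the base delay,
    # even if max_delay is configured lower than delay.
    ceiling = max(cfg.max_delay, cfg.delay)
    # Guard against max_threshold <= min_threshold (division by zero).
    span = cfg.max_threshold - cfg.min_threshold
    if span <= 0 or failures_per_hour >= cfg.max_threshold:
        return ceiling
    fraction = (failures_per_hour - cfg.min_threshold) / span
    # Assumption: linear ramp from the base delay up to the ceiling.
    return cfg.delay + fraction * (ceiling - cfg.delay)

# Constructed sample: one failed login every 30 s for two hours (120 per hour).
SAMPLE_FAILURES = [i * 30 for i in range(240)]
SAMPLE_CFG = DelayConfig(delay=1, adaptive=True, max_delay=21,
                         min_threshold=100, max_threshold=200)

if __name__ == "__main__":
    rate = failures_last_hour(SAMPLE_FAILURES, now=SAMPLE_FAILURES[-1])
    print(f"{rate} failed logins in the last hour -> "
          f"delay {response_delay(SAMPLE_CFG, rate):.1f} s")
```
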
@codeling
Owner

Where would you have expected to see this documented?
Does this clarify your concerns?
