Comment by joshspankit
3 years ago
I think that’s overcomplicating it: Just do it site-wide for all login attempts (always on, or like the captcha: as-needed)
3 years ago
I think that’s overcomplicating it: Just do it site-wide for all login attempts (always on, or like the captcha: as-needed)
So now in the case of a bot attack no one can login. That doesn’t work.
What do you mean?
If you block all logins for 5 seconds after a bot attempts to login, and the bot attempts to login 50 times per second, no one will be able to login.
2 replies →