httpd-users mailing list archives

From Dan Trainor <i...@hostinthebox.net>
Subject Re: [users@httpd] Modules to combat Password Trading
Date Sat, 12 Feb 2005 23:19:22 GMT
Gary W. Smith wrote:
> From a development standpoint you can just create a script that will
> parse the log file and compare the number of IPs that use that user
> account during a given period and if they go beyond a threshold then
> lock the account or reset the password.
> 
> A commercial equities firm that I work for does something similar to
> this on one of their web sites.  In our case we find that one user might
> log in from two or three different IPs in one day but when we see
> something like 20 then we lock them out and wait for them to call.
> 
>>I know there are many commercial alternatives out there to prevent the
>>use of stolen passwords or to stop password trading, and they all work
>>well, but I was curious as to if there were any opensource Apache
>>modules that perhaps would do just as good of a job, if not better.
>>
>>I did not see anything on modules.apache.org.
>>
>>If anyone has any experience in this realm, I would surely appreciate
>>your input.
>>
>>Thanks
>>-dant
>>

Gary -

I appreciate the input, but I am well aware of how it all works.  The 
problem that I am faced with is that I am looking for an automated 
system to do this.  The reason why ProxyPass was so effective and such a 
good product is that it automated the process of detecting multiple 
logins, while taking into consideration how a few people may log in 
twice from the same computer, people who are "allowed" to share 
passwords, stuff like that.

With that being said, I am still looking for an opensource solution to 
this problem.  As much as I enjoy using ProxyPass, it's still a hefty 
hunk of change each month, especially when taking into consideration 
the number of machines that I have it deployed on.

Thanks!
-Dan Trainor
-hostinthebox.net

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
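
The log-parsing approach described in the quoted reply above (count the distinct IPs per account over a period, act past a threshold), as an added example that is not part of the original thread or of any product named in it. It assumes Apache Common/Combined Log Format with the authenticated user in the third field; the function names, the `allow` set for accounts permitted to share a login, and the sample log are constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Apache Common/Combined Log Format: host ident authuser [time] "request" status bytes ...
LOG_RE = re.compile(r'^(\S+) \S+ (\S+) \[([^\]]+)\] "(?:[^"\\]|\\.)*" (\d{3}) ')

def parse_line(line):
    """Return (user, ip, timestamp) for an authenticated 2xx/3xx hit, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ip, user, ts, status = m.groups()
    if user == "-" or status[0] not in "23":
        return None  # unauthenticated request or failed login (401/403)
    return user, ip, datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")

def shared_accounts(lines, threshold=20, window=timedelta(hours=24), allow=()):
    """Map user -> peak distinct-IP count, for users above threshold in any window."""
    recent = defaultdict(deque)   # user -> (timestamp, ip) hits still inside the window
    flagged = {}
    events = sorted(filter(None, map(parse_line, lines)), key=lambda e: e[2])
    for user, ip, ts in events:
        if user in allow:
            continue              # accounts that are permitted to share a login
        hits = recent[user]
        hits.append((ts, ip))
        while hits[0][0] <= ts - window:
            hits.popleft()        # drop hits that fell out of the sliding window
        distinct = len({h[1] for h in hits})
        if distinct > threshold:
            flagged[user] = max(flagged.get(user, 0), distinct)
    return flagged

def sample_log():
    """Constructed sample: alice uses 2 IPs, bob 5, 'team' is an allowed shared login."""
    fmt = '{ip} - {user} [12/Feb/2005:{h:02d}:00:00 +0000] "GET /members/ HTTP/1.1" {st} 512'
    rows = [fmt.format(ip=f"192.0.2.{i % 2 + 1}", user="alice", h=i, st=200) for i in range(6)]
    rows += [fmt.format(ip=f"198.51.100.{i}", user="bob", h=i + 1, st=200) for i in range(1, 6)]
    rows += [fmt.format(ip=f"203.0.113.{i}", user="team", h=i, st=200) for i in range(1, 9)]
    rows.append('203.0.113.9 - bob [12/Feb/2005:09:00:00 +0000] "GET /members/ HTTP/1.1" 401 0')
    return rows

if __name__ == "__main__":
    print(shared_accounts(sample_log(), threshold=3, allow={"team"}))
```

The flagged map is what a cron job would feed into whatever locks the account or forces a password reset; that step is site-specific and not shown.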