I made some web-site using PHP & Javascript and in order to use its contents a man must registered, e.g. be logged. Well, it is possible to guess password (if you know at least one username) by brute force and I would like to know is there some way to block only this computer that has been used for attacking (tried guessing password more than 10 times)!? If I block just IP there is a way that user hide or change IP and repeat attack. :diss: I know some facts about MAC-address but not sure how much is possible it in praxis? Or by cookie, or…? Do you have some idea? It would be OK if attacker at least could be blocked after 10 wrong passwords 15 minute… :stunned:
Any thought?
