4 Nov
2015
4 Nov
'15
9:28 a.m.
On Nov 4, 2015, at 8:59 AM, Krzysztof Grobelak <kgrobelak@airspeed.ie> wrote:
So then instead of delaying the reject would it be maybe more optimal solution to simply blacklist the user for certain amount of time?
Yes.
Create a database entry for user after the first failed attempt and then after 3 failed attemts blacklist for a period of time. The setup would not be much more complex than the one for incremental reject delay and it would save me the need to upgrade. I'm on version 3.0.7 right now.
Does this sounds reasonable?
Yes. Alan DeKok.