ADG is severely lacking in security features. There needs to be some sort of setting that will block an IP address for an hour or so if they attempt login more than 20 times (with bad passwords). Our webserver is getting spammed with login attempts
DOS (Denial Of Service) type attacks are better handled at a firewall level. Whilst we could certainly lock out users on an IP based value, there is no saving on resources, because we still have to do a database lookup in order to determine if the IP address is on a blacklist or not. Modern firewalls can automatically add IP addresses to blacklists.
DOS (Denial Of Service) type attacks are better handled at a firewall level. Whilst we could certainly lock out users on an IP based value, there is no saving on resources, because we still have to do a database lookup in order to determine if the IP address is on a blacklist or not. Modern firewalls can automatically add IP addresses to blacklists.
I am forwarding this to development for review.