I have a PHP web application (nginx + php-fpm), and someone is trying to bruteforce passwords. He has a lot of IPs. Also, this bruteforce works like a DDoS, because each time the web application starts and tries to process the request. And fail2ban will ban an IP after maxretry times. But I have thousands of requests, and each request is sent by a different IP. How can I prevent the first POST request to the login action without the web application starting? Because a usual user can't send his first request as a POST request.
Dmitro
Make sure you're using bcrypt for password storage. – ceejayoz May 22 '15 at 20:37
1 Answer
You're being attacked by a botnet.
Here's a specific solution for your nginx web app.
In general, these are the steps you follow:
- For specific attacked accounts, give them the option to allow login only from certain IP addresses.
- Assign unique login URLs to blocks of users so that not all users can access the site from the same URL.
- Use a CAPTCHA to prevent automated attacks.
PersianGulf
El Chapo Gluzman
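Putting the question's own idea (a cold POST to the login action should never reach php-fpm) into nginx terms, as an added example that is not part of the original question or answer: a POST to `/login` that carries no cookie from an earlier GET of the form is rejected at nginx, and the remaining login requests are rate-limited per IP before any FastCGI call is made. The `/login` path, the `lf` cookie name, the host name, document root and php-fpm socket path are all assumptions.

```nginx
# Added example, not from the question or the answer.
# Assumptions: the login form and the login action share the path /login,
# login.php handles it, and the "lf" cookie is set when the form is served.
# limit_req_zone and map belong in the http {} context.

# Per-IP limit for the login endpoint: 5 requests per minute, small burst.
limit_req_zone $binary_remote_addr zone=login:10m rate=5r/m;

# Evaluates to 1 only for a POST that presents no "lf" cookie at all.
map "$request_method:$cookie_lf" $cold_login_post {
    default   0;
    "POST:"   1;   # method is POST and $cookie_lf is empty
}

server {
    listen 80;
    server_name example.com;   # placeholder host name
    root /var/www/app;         # placeholder document root

    location = /login {
        # A POST that skipped the GET step is answered here; php-fpm is
        # never started for it. "return" inside "if" is a safe nginx pattern.
        if ($cold_login_post) {
            return 403;
        }

        # Throttle what remains; excess requests get 429 without reaching PHP.
        limit_req zone=login burst=3 nodelay;
        limit_req_status 429;

        # Mark clients that really loaded the form (a browser always does
        # this before it can submit). Sent on 2xx/3xx responses only.
        add_header Set-Cookie "lf=1; Path=/login; HttpOnly; SameSite=Lax";

        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root/login.php;
        fastcgi_pass unix:/run/php-fpm.sock;   # placeholder socket path
    }
}
```

The cookie gate only filters clients that fire POSTs blindly; a bot that fetches the form once can replay the cookie, so the per-IP limit and the CAPTCHA the answer recommends still carry the real load, and `limit_req` counters appear in the nginx error log for fail2ban to act on.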