Reply to thread

Message

<blockquote data-quote="SpudR" data-source="post: 401814" data-attributes="member: 54104">I'm doing the white list thing for my remote access - I also have .htpasswd files on all web folders open to the public, but there is nothing sensitive in them.You can go mad with security, but it soon gets in the way!The best solution is DON'T expose yourself unnecessarily - only open the stuff you NEED to the public domain and set up a strong gatekeeper for the rest <img src="data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7" class="smilie smilie--sprite smilie--sprite1" alt=":)" title="Smile&nbsp; &nbsp; :)" loading="lazy" data-shortname=":)" />If possible - try the M$ solution - 3 attempts, then increasing times between failed attempts (start with 30 seconds and increase with every failed attempt. reset the counter after 10 minutes of inactivity). This will stall any brute force attempts, whilst still allowing you to have some typos...</blockquote>

[QUOTE="SpudR, post: 401814, member: 54104"] I'm doing the white list thing for my remote access - I also have .htpasswd files on all web folders open to the public, but there is nothing sensitive in them. You can go mad with security, but it soon gets in the way! The best solution is DON'T expose yourself unnecessarily - only open the stuff you NEED to the public domain and set up a strong gatekeeper for the rest :) If possible - try the M$ solution - 3 attempts, then increasing times between failed attempts (start with 30 seconds and increase with every failed attempt. reset the counter after 10 minutes of inactivity). This will stall any brute force attempts, whilst still allowing you to have some typos... [/QUOTE]

Verification