[Users] Pike module

Stefano Capitanio s.capitanio at caspur.it
Wed Dec 13 13:20:04 CET 2006


Hi,

i want to use pike module to avoid brute-force attack on Register.
are the values of the parameters expressed in seconds?
it seems that there is a problem because i've set:
modparam("pike", "sampling_time_unit", 30)
modparam("pike", "reqs_density_per_unit", 10)
modparam("pike", "remove_latency", 600)

and the routing logic is:
if (method=="REGISTER") {
                        # Checks brute-force attacks
                        if (!pike_check_req()) {
                                sl_send_reply("403", "Too many attempts!");
                                break;
                        };
                        if (!www_authorize("caspur.it", "subscriber")) {
                                www_challenge("caspur.it", "0");
                                break;
                        };
                        save("location");
                        break;
                };

but when I reach the limit it blocks the requests only for less than 1 
minute...
where is the mistake?any idea?

thanks,
Stefano




More information about the sr-users mailing list