Hello. Over the past month ive had someone sending thousands of login requests to my login page. Each day they do it they use a different IP address. When its happening, to stop it I simply go into my hostgator control panel & add the IP to the IP deny manager. They then will wait a few days & do it again from a different IP. Each time they do this it causes my CPU to raise. Im not worried about them trying to get in one of my subscribers accounts because I am aware of amembers brute force protection. However the bruteforce protection simply makes them wait a certiain amount of time before it will actually try to log them in again. The person is still able to constantly (try) to login while the waiting period is active. So with that being said thousands of login requests are still being sent & raising my cpu. Is there a way that after 5 login attempts the person can be redirected to an error page or another site or something. Hostgator said the following should help with this. Thank you for contacting us. In fact, Amember should be able to reduce the CPU load. If blocked user (by amember bruteforce protection) are still able to access the login page they will be loading that script constantly and still be using CPU resources. Unfortunately, we are not aware how the brute protection of Amember works but they may be able to optimize it and blocked users can be redirected to another website and not being able to access the login page. They can filter the blocked users by IP and those IP which are already blocked and still trying to access the site they can send their request to another website or just show them a 403 (forbidden) error page. Or they can also add a connection limiter per IP on their code. This will be more effective to reduce the CPU resources than letting blocked users to still access the login page and keep popping them with a wait to login messege.
Im aware of the brute force protection as I stated above. Yes the bruteforce protection absolutely does work for not allowing access to the subscription area. My issue is that the person doesnt get it but is allowed to keep constantly trying to login, even during whatever set waiting period I select. This causes my CPU load to go up. If after a certain amount of attempts the person, or robot he or she is using, is sent to an error page or something, then my load wouldnt go up. Here is a visual of my log. Times this by thousands & you see what im saying. Its all constant failed login attempts. TimeURLIPMessageTrace 01/09/14, 03:50 AM …bscribe/content/f/id/186/ 108.212.203.162 Unknown scheme Click to Expand 01/09/14, 03:50 AM …bscribe/content/f/id/186/ 108.212.203.162 Unknown scheme Click to Expand 01/09/14, 03:50 AM …bscribe/content/f/id/186/ 108.212.203.162 Unknown scheme Click to Expand 01/09/14, 03:50 AM …bscribe/content/f/id/186/ 108.212.203.162 Unknown scheme Click to Expand 01/09/14, 03:50 AM …bscribe/content/f/id/186/ 108.212.203.162 Unknown scheme Click to Expand 01/09/14, 03:50 AM …bscribe/content/f/id/186/ 108.212.203.162 Unknown scheme Click to Expand 01/09/14, 03:50 AM …bscribe/content/f/id/186/ 108.212.203.162 Unknown scheme Click to Expand 01/09/14, 03:49 AM …bscribe/content/f/id/186/ 108.212.203.162 Unknown scheme Click to Expand 01/09/14, 03:49 AM …bscribe/content/f/id/186/ 108.212.203.162 Unknown scheme Click to Expand 01/09/14, 03:48 AM …bscribe/content/f/id/186/ 108.212.203.162 Unknown scheme Click to Expand