Module Authlogic::Session::BruteForceProtection
In: lib/authlogic/session/brute_force_protection.rb

A brute force attack is executed by hammering a login with as many password combinations as possible until one works. Brute force attacks are generally combated with a slow hashing algorithm such as BCrypt. You can increase the cost, which makes the hash generation slower and ultimately increases the time it takes to execute a brute force attack. Just to put this into perspective, if a hacker were to gain access to your server and execute a brute force attack locally, meaning there is no network lag, it would probably take decades to complete. Now throw in network lag and it would take MUCH longer.

But for those that are extra paranoid and can't get enough protection, why not stop them as soon as you realize something isn't right? That's what this module is all about. By default the consecutive_failed_logins_limit configuration option is set to 50: if someone consecutively fails to log in 50 times, their account will be suspended. This is a very liberal number, and at this point it should be obvious that something is not right. If you wish to lower this number, just set the configuration to a lower number:

  class UserSession < Authlogic::Session::Base
    consecutive_failed_logins_limit 10
  end
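As an added, self-contained illustration (not Authlogic's own implementation), the following models the rule described above: a class-level limit with the documented default of 50, an override to 10 as in the snippet above, a counter that is only reset by a successful login, and refusal of further attempts once the limit is reached. The DemoAccount, DemoSession and StrictSession names, and the use of a plain digest instead of BCrypt, are assumptions made so the example runs offline.

```ruby
require 'digest'

# Constructed stand-in for an account record; not Authlogic's model.
class DemoAccount
  attr_reader :failed_login_count

  def initialize(password)
    # A plain digest so the example runs offline; a real application
    # uses a slow hash such as BCrypt, as explained above.
    @digest = Digest::SHA256.hexdigest(password)
    @failed_login_count = 0
  end

  def password_matches?(candidate)
    @digest == Digest::SHA256.hexdigest(candidate)
  end

  def record_failure; @failed_login_count += 1; end
  def record_success; @failed_login_count = 0; end
end

# Minimal session class with a per-class limit, mirroring the documented
# consecutive_failed_logins_limit configuration (default 50).
class DemoSession
  DEFAULT_LIMIT = 50

  def self.consecutive_failed_logins_limit(value = nil)
    @limit = value if value
    @limit || DEFAULT_LIMIT
  end

  # Returns :suspended, :ok or :invalid. The limit check runs first, so
  # an account at the limit is refused even when the password is right.
  def self.attempt(account, candidate)
    return :suspended if account.failed_login_count >= consecutive_failed_logins_limit
    if account.password_matches?(candidate)
      account.record_success # only a successful login resets the count
      :ok
    else
      account.record_failure
      :invalid
    end
  end
end

# Lowered limit, as in the configuration snippet above.
class StrictSession < DemoSession
  consecutive_failed_logins_limit 10
end
```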

Methods

included

Included Modules

InstanceMethods

Classes and Modules

Module Authlogic::Session::BruteForceProtection::Config
Module Authlogic::Session::BruteForceProtection::InstanceMethods

Public Class methods
