Chris McKeever wrote:
>I like this idea --
>
>what happens is someone gets in the penalty box at minute 4 - are they
>only in for a minute - or are you flushing based on being in for 5
>minutes and they are time stamped as to when they got in there - your
>explanaiton just sounded like every 5 minutes it was flushed
>
>or do you run the log check - add the reciepients to the penalty box -
>wait 5 minutes - clear the penalty box - and then start over?
>
>how do you keep track of the last point you parsed the logs??
>
>
> The whole thing is based on simplicity. Yes - if they hit me 4 minutes in then they are only in for one minute. But - if they are hammering me then once they do it in the next window they are locked out for 5 more minutes. The idea is if they are hitting me 100 times a minute like some of them do - I only have to actually look at one out of 500 attempts. Which is a serious drop in system load.
Yes - it could be done with mysql and be elegant - but that would create the kind of overhead I'm trying to avoid. I'm just tring to stop the hammering.