Q. I have WebQuota, what are the optimal settings for preventing account abuse?

A. WebQuota provides several tools for preventing account abuse, including:

  • Limiting concurrent logins.
  • Throttling bandwidth consumed.
  • Dictionary Attack Protection (DAP).

Here are some suggested settings for each. Apply these settings to each directory you have protected with WebQuota/AuthentiX.

Limit concurrent logins enabled checked:
Concurrent logins exceed: 3
Deny Excess checked
Notify by email checked, fill out the Configure Email dialog appropriately.
If you are using the internal database: Expire account checked
If you are using the ODBC database: Update ODBC Database checked, fill out the Configure ODBC Update dialog appropriately.
In the main GUI dialog: Options dialog: Limit-Concurrent-Logins, consider only top three octets checked

Throttles enabled checked:
Restrict Kbytes served to each user: Checked
Permit up to 10000 kbytes in each 3 hour period.
Restrict Requests served to each user: Checked
Permit up to 1000 requests in each 1 hour period.
Restrict Sequential logins to each user: Unchecked

Dictionary Attack Protection enabled checked:
If login attempt fails more than 50 times
within 30 minutes
block IP address checked for 60 minutes
Write to event log checked
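
How the Dictionary Attack Protection thresholds above play out over time, as an added illustration (not WebQuota's own code). It assumes a sliding 30-minute window and that requests from a blocked IP are refused before authentication; the `replay` function and the sample events are hypothetical.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Thresholds from the suggested DAP settings above.
MAX_FAILURES = 50                   # "fails more than 50 times"
WINDOW = timedelta(minutes=30)      # "within 30 minutes"
BLOCK_FOR = timedelta(minutes=60)   # "block IP address ... for 60 minutes"

def replay(events):
    """Replay (timestamp, ip) failed logins; return (blocks, counted).

    blocks:  list of (ip, block_start, block_end)
    counted: ip -> failures that actually reached the password check
    Assumptions: sliding window; requests from a blocked IP are refused
    before authentication, so they are not counted as failures.
    """
    recent = defaultdict(deque)     # ip -> failure times inside the window
    blocked_until = {}
    blocks, counted = [], defaultdict(int)
    for ts, ip in sorted(events):
        if ts < blocked_until.get(ip, datetime.min):
            continue                # refused while the block is active
        counted[ip] += 1
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > WINDOW:
            q.popleft()             # forget failures older than 30 minutes
        if len(q) > MAX_FAILURES:   # the 51st failure trips the rule
            blocked_until[ip] = ts + BLOCK_FOR
            blocks.append((ip, ts, ts + BLOCK_FOR))
            q.clear()
    return blocks, dict(counted)

def constructed_events():
    """Constructed sample data using documentation-range addresses."""
    t0 = datetime(2024, 1, 1, 12, 0)
    # Automated guessing: one failure every 10 seconds for two hours.
    guesser = [(t0 + timedelta(seconds=10 * i), "203.0.113.7") for i in range(720)]
    # A member who mistypes a password five times over ten minutes.
    member = [(t0 + timedelta(minutes=2 * i), "198.51.100.20") for i in range(5)]
    return t0, guesser + member

if __name__ == "__main__":
    t0, events = constructed_events()
    blocks, counted = replay(events)
    for ip, start, end in blocks:
        print(f"{ip} blocked {start:%H:%M:%S} -> {end:%H:%M:%S}")
    print(counted)
```

With these thresholds the guessing source reaches the password check 102 times in two hours instead of 720, and the member's five mistakes never trigger a block.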

Remember, these are just suggestions; you can fine-tune these settings to your own requirements.

Also see here.
