How to prevent dictionary attack?



One of our websites receive lots of dictionary attacks from some foreign IPs. the server thus runs very slow.
We know that we can do something on the firewall to prevent too many connections from a single IP. However, i wonder if there is any thing can be done within SS. I read Security » SilverStripe . If there is something written to allow admin to configure within the Settings in CMS to prevent lots of connections from one ip it will be great. For example, the controller will ask user to do a captcha if there is more than 100 page requests from the ip.

It might be worth having a read of this page in the docs: Rate Limiting – SilverStripe Documentation

You could fairly quickly implement some rate-limiting on the application to help reduce the impact.

Thanks! will give it a go

I suspect that the kind of rate limiting shown in the docs would increase security (by limiting bruce force attempts), but might not have a gigantic effect on performance since SilverStripe would still be bootstrapped for each request. Pairing SS rate limiting (for security) with firewall rate limiting (for performance) would probably be a winning combo.