Authlogic has an Authlogic::Session::BruteForceProtection module (you can see how it is implemented here). Basically, it blocks the account after N failed logins. From the doc:
By default, the consecutive_failed_logins_limit configuration parameter is set to 50: if someone consecutively fails to log in after 50 attempts, their account will be suspended. This is a very liberal number, and by that point it should be obvious that something is wrong. If you want to reduce this number, set the configuration to a lower number:
class UserSession < Authlogic::Session::Base
  consecutive_failed_logins_limit 10
end
To enable this field, the model MUST have a failed_login_count (integer) field.
You can activate this module and add your control mechanism to the controller.
. " IP".
" IP" ( , , , , DOS ), , , ( rails). front-end (proxy).
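The lockout rule quoted above, modelled in plain Ruby so the "consecutive" semantics can be run and checked without Rails. This is an added example, not Authlogic's source or the original post's code; Account, LockoutGate, sample_run and the sample credentials are hypothetical, and only consecutive_failed_logins_limit and failed_login_count are taken from the text.

```ruby
# Stand-alone model of a consecutive-failed-login lockout (illustration only,
# not Authlogic's source). Account, LockoutGate and the sample data are
# hypothetical; failed_login_count mirrors the integer column on the model.
Account = Struct.new(:login, :password, :failed_login_count) do
  # Stand-in for the model's real password check.
  def valid_password?(candidate)
    password == candidate
  end
end

class LockoutGate
  def initialize(consecutive_failed_logins_limit: 50) # 50 = default quoted above
    @limit = consecutive_failed_logins_limit
  end

  # Returns :locked, :ok or :invalid so a controller can choose its response.
  def attempt(account, candidate)
    # Once the limit is reached, refuse before the password is even checked,
    # so a locked account gives no feedback on further guesses.
    return :locked if account.failed_login_count >= @limit

    if account.valid_password?(candidate)
      account.failed_login_count = 0 # "consecutive": a success clears the streak
      :ok
    else
      account.failed_login_count += 1
      :invalid
    end
  end
end

# Constructed sample run with the limit lowered to 10, as in the snippet above.
def sample_run
  gate = LockoutGate.new(consecutive_failed_logins_limit: 10)
  alice = Account.new("alice", "correct horse", 0)
  results = []
  9.times { results << gate.attempt(alice, "guess") }   # 9 misses: still open
  results << gate.attempt(alice, "correct horse")       # success resets to 0
  10.times { results << gate.attempt(alice, "guess") }  # 10 misses in a row
  results << gate.attempt(alice, "correct horse")       # refused despite right password
  [results, alice.failed_login_count]
end

if __FILE__ == $PROGRAM_NAME
  results, count = sample_run
  puts results.inspect, "failed_login_count=#{count}"
end
```

The three return values are what a controller-level check would branch on, for example to show a "locked" message instead of the generic invalid-credentials one.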