Forum OpenACS Development: Re: Blocking access to login based on repetitive hits by ip address? (Again!)

I believe you should move the code from index.tcl to user-login.tcl.  An automated hackbot can skip index.tcl and hack away at user-login.tcl.

Also there isn't any danger in index.tcl being retrieved thousands of times, the danger is in login attempts via user-login.tcl.

I would put this code into the failed login portion(s) of user-login.tcl.  That way successful logins do not affect your counter, minimizing your chances for accidently blocking users that share an IP.