Possible/partial duplicates:
I am looking for the best way to implement a moving time window rate limiting algorithm for a web application to reduce spam or brute force attacks.
Examples of use would be "Maximum number of failed login attempts from a given IP in the last 5 minutes", "Maximum number of (posts/votes/etc...) in the last N minutes".
I would prefer to use a moving time window algorithm, rather than a hard reset of statistics every X minutes (like twitter api).
This would be for a C#/ASP.Net app.
See Question&Answers more detail:
os 与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…