I'm having around 30-40,000 attempted logins per day and it's rising. At first it was a single IP, now there's 2-3 different IPs trying to brute force. Is there a simple & effective way to automatically lock them out after X number of attempts?
Mh... I would simply set a rule which IP's are allowed and block everyone else. I googled around a bit and found some tips (if you want to use my suggestion) http://forums.iis.net/t/1154397.aspx/1 Code (markup):