Not yet, but I do not want to deploy until I have sufficient security in place. I've been using Revive locally as I get familiar with it.
I do not want to wait until the brute force happens (and it will) and then have to rely on the Revive random delay for log-in attempts.
I see now that Revive has no option to log sign-in attempts so I've been hacking about to write a plugin for that.
Sadly, the plugin development docs are pretty dismal. (Current Revive source code still references the now-dead URL https://developer.openx.org/wiki/display/COMM/Plugins+for+2.8)
edit: It occurred to me that, with no failed authorization logging, how would one know if there have been brute-force attacks? Parse the access log for repeated calls to the sign-in page? Anyways, I added code (maybe 10 lines in total) to my installation to write to the syslog when sign-in fails, and now I can have fail2ban handle this for me.
Neurogami got a reaction from andrewatfornax in Can Revive used with fail2ban?