would be great if the webserver (selfhosted) blocks an ip after a few bad logins, a DoS attack protection was also useful