First off, anyone know of an efficient way to time out users who have failed login multiple times? I want to prevent injection attacks, so I am thinking of setting up a separate database table that keeps track of login fails and then prevents login... but I am thinking, how can you identify a user if they simply run every possible combination of logins and try to force their way in? I currently keep track of guest IPs...
Also, what is the best way to fight against malicious users who use a proxy each time to create an account? I currently use $ip=$_SERVER['REMOTE_ADDR']; to retrieve the IP when necessary but do not know how accurate that is. So when I ban an IP it may be useless.
If you have any other general security advice, I would love to hear it.
login fail timeout, proxy ip, need general security advice
scarface222
- Forum Contributor
- Posts: 354
- Joined: Thu Mar 26, 2009 8:16 pm
scarface222
- Forum Contributor
- Posts: 354
- Joined: Thu Mar 26, 2009 8:16 pm
Re: login fail timeout, proxy ip, need general security advice
Anyone deal with issues like these before?
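
An example of the failed-login table the first post describes, added here and not part of the original thread: failures are counted per account and per address, so guesses spread across many proxies still reach the per-account limit. The table name, function names, limits and sample addresses are assumptions, and an in-memory SQLite database stands in for the site's own.

```php
<?php
// Added illustration: table, function names and limits are hypothetical.
const MAX_FAILS = 5;        // failures allowed per key inside the window
const WINDOW_SECONDS = 900; // 15-minute sliding window

function open_store(): PDO {
    $db = new PDO('sqlite::memory:'); // stand-in for the site's real database
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE login_fail (subject TEXT NOT NULL, failed_at INTEGER NOT NULL)');
    $db->exec('CREATE INDEX login_fail_idx ON login_fail (subject, failed_at)');
    return $db;
}

// One key per account and one per address, so both dimensions are counted.
function throttle_keys(string $username, string $ip): array {
    return ['user:' . strtolower(trim($username)), 'ip:' . $ip];
}

// Call after a failed password check. Prepared statements keep input out of the SQL text.
function record_failure(PDO $db, string $username, string $ip, int $now): void {
    $stmt = $db->prepare('INSERT INTO login_fail (subject, failed_at) VALUES (?, ?)');
    foreach (throttle_keys($username, $ip) as $key) {
        $stmt->execute([$key, $now]);
    }
}

// Call before checking the password; refuse the attempt when either key is over the limit.
function is_locked(PDO $db, string $username, string $ip, int $now): bool {
    $stmt = $db->prepare('SELECT COUNT(*) FROM login_fail WHERE subject = ? AND failed_at > ?');
    foreach (throttle_keys($username, $ip) as $key) {
        $stmt->execute([$key, $now - WINDOW_SECONDS]);
        if ((int) $stmt->fetchColumn() >= MAX_FAILS) {
            return true;
        }
    }
    return false;
}

// Constructed sample data: five failures against "alice", each from a different address.
$db = open_store();
$now = 1700000000;
for ($i = 1; $i <= 5; $i++) {
    record_failure($db, 'alice', "203.0.113.$i", $now + $i);
}
var_dump(is_locked($db, 'alice', '198.51.100.7', $now + 10)); // same account, unseen address
var_dump(is_locked($db, 'bob', '198.51.100.7', $now + 10));   // other account, unseen address
var_dump(is_locked($db, 'alice', '198.51.100.7', $now + 5 + WINDOW_SECONDS)); // after the window
```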