login fail timeout, proxy ip, need general security advice

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
scarface222
Forum Contributor
Posts: 354
Joined: Thu Mar 26, 2009 8:16 pm

login fail timeout, proxy ip, need general security advice

Post by scarface222 »

First off, anyone know of an efficient way to time out users who have failed login multiple times? I want to prevent injection attacks so I am thinking of setting up a separate database table, that keeps track of login fails and then prevents login...but I am thinking, how can you identify a user if they simply run every possible combination of logins and try to force their way in. I currently keep track of guest ips...

Also, what is the best way to fight against malicious users who use a proxy each time to create an account? I currently use $ip=$_SERVER['REMOTE_ADDR']; to retrieve ip when necessary but do not know how accurate that is. So when I ban an ip it may be useless.

If you have any other general security advice, I would love to hear it.
scarface222
Forum Contributor
Posts: 354
Joined: Thu Mar 26, 2009 8:16 pm

Re: login fail timeout, proxy ip, need general security advice

Post by scarface222 »

Anyone deal with issues like these before?
Post Reply