login fail timeout, proxy ip, need general security advice

Posted: Sat Jan 23, 2010 5:56 pm
by scarface222
First off, anyone know of an efficient way to time out users who have failed login multiple times? I want to prevent injection attacks so I am thinking of setting up a separate database table that keeps track of login fails and then prevents login... but I am thinking, how can you identify a user if they simply run every possible combination of logins and try to force their way in? I currently keep track of guest IPs...

Also, what is the best way to fight against malicious users who use a proxy each time to create an account? I currently use $ip=$_SERVER['REMOTE_ADDR']; to retrieve the IP when necessary but do not know how accurate that is. So when I ban an IP it may be useless.

If you have any other general security advice, I would love to hear it.
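
A sketch of the failed-login table described in the question above, as an added example that is not part of the original posts: failures are counted per username as well as per address, so the limit still holds when each attempt comes from a different proxy (`$_SERVER['REMOTE_ADDR']` is the address of the connecting peer, which is the proxy when one is used). The table and column names, the limits and the in-memory SQLite database are assumptions chosen for illustration.

```php
<?php
// Added example: throttle failed logins per account and per IP address.
// Table name, column names and limits below are assumptions.
const WINDOW_SECONDS  = 900;  // look-back window (15 minutes)
const MAX_PER_ACCOUNT = 5;    // failures allowed per username in the window
const MAX_PER_IP      = 20;   // failures allowed per source address in the window

function createSchema(PDO $db): void {
    $db->exec('CREATE TABLE IF NOT EXISTS login_failures (
        username TEXT NOT NULL, ip TEXT NOT NULL, attempted_at INTEGER NOT NULL)');
    $db->exec('CREATE INDEX IF NOT EXISTS idx_fail_user ON login_failures (username, attempted_at)');
    $db->exec('CREATE INDEX IF NOT EXISTS idx_fail_ip ON login_failures (ip, attempted_at)');
}

function recordFailure(PDO $db, string $username, string $ip, int $now): void {
    // Prepared statement: user-supplied values never become part of the SQL text.
    $stmt = $db->prepare('INSERT INTO login_failures (username, ip, attempted_at) VALUES (?, ?, ?)');
    $stmt->execute([strtolower($username), $ip, $now]);
}

function countSince(PDO $db, string $column, string $value, int $since): int {
    // $column is only ever one of two literals passed by isThrottled(), never user input.
    $stmt = $db->prepare("SELECT COUNT(*) FROM login_failures WHERE $column = ? AND attempted_at > ?");
    $stmt->execute([$value, $since]);
    return (int) $stmt->fetchColumn();
}

function isThrottled(PDO $db, string $username, string $ip, int $now): bool {
    $since = $now - WINDOW_SECONDS;
    // The per-account count still applies when every attempt arrives from a different address.
    return countSince($db, 'username', strtolower($username), $since) >= MAX_PER_ACCOUNT
        || countSince($db, 'ip', $ip, $since) >= MAX_PER_IP;
}

// Constructed demonstration: in-memory SQLite, six failures from six different addresses.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
createSchema($db);
$now = time();
for ($i = 1; $i <= 6; $i++) {
    $ip = "192.0.2.$i";  // documentation-range addresses, constructed
    if (isThrottled($db, 'alice', $ip, $now)) {
        echo "attempt $i from $ip: refused before checking the password\n";
        continue;
    }
    recordFailure($db, 'alice', $ip, $now);  // pretend the password was wrong
    echo "attempt $i from $ip: failure recorded\n";
}
```

Rows older than the window stop counting on their own, so the block lifts without a separate unlock step; old rows can be deleted periodically to keep the table small.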

Re: login fail timeout, proxy ip, need general security advice

Posted: Sun Jan 24, 2010 11:55 am
by scarface222
Anyone deal with issues like these before?