blocking the unauthorized user

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

dibyendra
Forum Newbie
Posts: 20
Joined: Tue Aug 12, 2003 2:26 am
Location: Nepal

blocking the unauthorized user

Post by dibyendra »

Hi there,
I have seen many sites blocking the user after they try to log in more than three times within a certain time. Is it possible through scripting? I'm wondering how I can do that. :o
Waiting for the response
Thanking you
Dibyendra
Stoker
Forum Regular
Posts: 782
Joined: Thu Jan 23, 2003 9:45 pm
Location: SWNY

Post by Stoker »

.. add their IP, attempt count and last-seen time to a file or table, and don't allow it if the count is too high and last-seen is too close...
JayBird
Admin
Posts: 4524
Joined: Wed Aug 13, 2003 7:02 am
Location: York, UK

Post by JayBird »

Would IP be good enough to do a check against? Most IPs are dynamically assigned these days, so a user could try 3 times, disconnect, get a new IP and try 3 more times!?
m3rajk
DevNet Resident
Posts: 1191
Joined: Mon Jun 02, 2003 3:37 pm

Post by m3rajk »

bech: depends.

on college campuses it's normally a one month rotation (provided the kid logs off for more than 24 hours, the stale time)

on cable/dsl networks it's a higher stale time. most people aren't off long enough to ever get a new address

on dial-up that's pointless. disconnect. reconnect. you have a new ip.

how long does it take the person to figure out that the ip is the issue
Stoker
Forum Regular
Posts: 782
Joined: Thu Jan 23, 2003 9:45 pm
Location: SWNY

Post by Stoker »

you can set a cookie but it really provides no security as cookies are easy to delete and fake..

People being able to change their IP is usually no risk, as it usually takes them several seconds to do so, so the "attack" will be very slow. For those that do own their own B-block of IPs (very unusual unless you're an ISP) and can change rapidly, the attack is still limited to 32 thousand attempts, and that should not be enough to automate password-guessing if the passwords are screened for dictionary words and names and such..
Nay
Forum Regular
Posts: 951
Joined: Fri Jun 20, 2003 11:03 am
Location: Brisbane, Australia

Post by Nay »

I was going to post a new topic on this but I saw the topic, so I might as well save some space and throw in the question here.

Say you block an IP from a person using a dial-up connection. In theory, you would redirect the person with that IP to somewhere else, right? Well, what if the user disconnected and reconnected? He or she gets a new IP and is able to get into the site again. That's obvious, but it's not my main question.

If another user had the same IP that was blocked and tries to get into the site, he or she would be redirected to elsewhere, right?

I heard most people are still on a 56k dial-up connection.

Any solutions to this?

-Nay
JAM
DevNet Resident
Posts: 2101
Joined: Fri Aug 08, 2003 6:53 pm
Location: Sweden

Post by JAM »

[quote=Nay]
If another user had the same IP that was blocked and tries to get into the site, he or she would be redirected to elsewhere, right?
[/quote]
Right. Workarounds...

Stoker mentioned cookies, and I agree fully. It's probably the thing that is worth most attention regarding this, though you can't expect it to be foolproof.

I also agree with him about the issue with users changing IPs. It takes too long. If you are really getting hammered with brute force attempts combined with proxy sources, you should consider hardware solutions (big $ though).

The first reply in this thread sounds like a solution worth coding more on.
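Worked example of the approach Stoker describes in the first reply (a row per client with an attempt count and a last-seen time, refused when the count is too high and the last failure too recent), written for this thread and not posted by any of its participants. It goes one step beyond the reply to cover JayBird's and Nay's point about dynamic IPs: the counter is kept both per IP and per account name, so a client that reconnects with a new address still hits the per-account limit, while other users sharing a recycled dial-up address are only affected if they log in to the same account. Assumptions: an in-memory SQLite database via PDO stands in for the site's real file or table, `password_ok()` is a stand-in for the site's own credential check, and the limits (3 attempts, 15 minutes) are placeholders.

```php
<?php
// Added example (not from the thread): login throttling keyed on IP and account.
// Assumptions: PDO/SQLite in-memory store, stand-in credential check, placeholder limits.

const MAX_ATTEMPTS  = 3;    // failures allowed inside the window
const BLOCK_SECONDS = 900;  // 15 minutes since the last failure

function open_store(): PDO {
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE login_attempts (
        attempt_key TEXT PRIMARY KEY,
        attempts    INTEGER NOT NULL,
        last_seen   INTEGER NOT NULL)');
    return $pdo;
}

// One row for the client IP and one for the account; both are checked.
function attempt_keys(string $ip, string $account): array {
    return ['ip:' . $ip, 'acct:' . strtolower($account)];
}

function is_blocked(PDO $pdo, string $ip, string $account, int $now): bool {
    $stmt = $pdo->prepare('SELECT attempts, last_seen FROM login_attempts WHERE attempt_key = ?');
    foreach (attempt_keys($ip, $account) as $key) {
        $stmt->execute([$key]);
        $row = $stmt->fetch(PDO::FETCH_ASSOC);
        // Blocked only when BOTH conditions hold: count too high AND last failure too recent.
        if ($row && (int)$row['attempts'] >= MAX_ATTEMPTS
                 && ($now - (int)$row['last_seen']) < BLOCK_SECONDS) {
            return true;
        }
    }
    return false;
}

function record_failure(PDO $pdo, string $ip, string $account, int $now): void {
    $select = $pdo->prepare('SELECT attempts, last_seen FROM login_attempts WHERE attempt_key = ?');
    $upsert = $pdo->prepare('INSERT OR REPLACE INTO login_attempts (attempt_key, attempts, last_seen) VALUES (?, ?, ?)');
    foreach (attempt_keys($ip, $account) as $key) {
        $select->execute([$key]);
        $row = $select->fetch(PDO::FETCH_ASSOC);
        // A row whose last failure is outside the window starts counting again from 1.
        $fresh = $row && ($now - (int)$row['last_seen']) < BLOCK_SECONDS;
        $upsert->execute([$key, $fresh ? (int)$row['attempts'] + 1 : 1, $now]);
    }
}

function clear_failures(PDO $pdo, string $ip, string $account): void {
    $stmt = $pdo->prepare('DELETE FROM login_attempts WHERE attempt_key = ?');
    foreach (attempt_keys($ip, $account) as $key) {
        $stmt->execute([$key]);
    }
}

// Stand-in for the site's own credential lookup (constructed user, hashed password).
function password_ok(string $account, string $password): bool {
    $users = ['alice' => password_hash('correct horse', PASSWORD_DEFAULT)];
    return isset($users[$account]) && password_verify($password, $users[$account]);
}

function try_login(PDO $pdo, string $ip, string $account, string $password, int $now): string {
    if (is_blocked($pdo, $ip, $account, $now)) {
        return 'blocked';              // refuse before even checking the password
    }
    if (password_ok($account, $password)) {
        clear_failures($pdo, $ip, $account);
        return 'ok';
    }
    record_failure($pdo, $ip, $account, $now);
    return 'denied';
}

// Constructed demonstration: three bad guesses, then the right password from the
// same IP, from a fresh IP, and finally after the block window has expired.
$pdo = open_store();
$t = 1000000;  // constructed clock value; use time() in real code
foreach (['a', 'b', 'c'] as $i => $guess) {
    echo try_login($pdo, '203.0.113.5', 'alice', $guess, $t + $i), "\n";              // denied (x3)
}
echo try_login($pdo, '203.0.113.5', 'alice', 'correct horse', $t + 3), "\n";          // blocked (IP row)
echo try_login($pdo, '198.51.100.9', 'alice', 'correct horse', $t + 4), "\n";         // blocked (account row)
echo try_login($pdo, '198.51.100.9', 'alice', 'correct horse', $t + BLOCK_SECONDS + 5), "\n"; // ok
```

Two design points worth noting. A blocked request does not refresh `last_seen`, so a legitimate user who keeps retrying is not locked out indefinitely; the window always expires 15 minutes after the last counted failure. And because the per-account row can be filled by anyone who knows the user name, the account limit is a temporary throttle rather than a permanent lock, which keeps a stranger from locking a real user out for good while still making rapid guessing against one account expensive. Prepared statements are used throughout so the IP and account strings never reach the SQL as code.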
m3rajk
DevNet Resident
Posts: 1191
Joined: Mon Jun 02, 2003 3:37 pm

Post by m3rajk »

nay: i'm sure it's lower in the total world.. in the us, about a year ago i saw the then-current stats: 80% still on dial-up.

from what i can tell, that number can't have dropped below 50%. i say this because it took the cable company 3 years to get cable access here.. they only made it available because rcn came in thanks to the end of the monopolization and said they'd offer it by the end of their first year and started building.