
blocking the unauthorized user

Posted: Wed Sep 10, 2003 2:35 am
by dibyendra
Hi there,
I have seen many sites blocking the user after they try to login more than three times for a certain time. Is it possible through scripting? I'm wondering how I can do that. :o
Waiting for the response
Thanking you
Dibyendra

Posted: Wed Sep 10, 2003 8:16 am
by Stoker
.. add their IP, attempt-count and last-seen time to a file or table and don't allow it if the count is too high and last-seen is too close...
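Stoker's file-or-table idea written out as an added example (not code from this thread): a per-client record holding the attempt count and last-seen time, a lockout that applies while the count is too high and the last failure is still within the window, and automatic expiry once it is not. The key can be the client's IP as suggested here; the threshold of 3 attempts and the 10-minute window are assumed values, and the in-memory dict stands in for the file or database table.

```python
import time

MAX_ATTEMPTS = 3         # lock after this many consecutive failures (assumed value)
LOCKOUT_SECONDS = 600    # "last-seen too close" window, 10 minutes (assumed value)

class LoginThrottle:
    """Per-key failed-login record: {key: {"count": n, "last_seen": t}}.
    A dict stands in for the file or table from the thread; the key is whatever
    identifies the client (the IP address, as suggested here)."""

    def __init__(self, max_attempts=MAX_ATTEMPTS,
                 lockout_seconds=LOCKOUT_SECONDS, clock=time.time):
        self.max_attempts = max_attempts
        self.lockout_seconds = lockout_seconds
        self.clock = clock            # injectable so tests can move time forward
        self.records = {}

    def is_blocked(self, key):
        rec = self.records.get(key)
        if rec is None or rec["count"] < self.max_attempts:
            return False
        # Count is too high: stay blocked while the last failure is still recent.
        if self.clock() - rec["last_seen"] < self.lockout_seconds:
            return True
        del self.records[key]         # window expired: forget the stale record
        return False

    def record_failure(self, key):
        rec = self.records.setdefault(key, {"count": 0, "last_seen": 0.0})
        rec["count"] += 1
        rec["last_seen"] = self.clock()

    def attempt_login(self, key, username, password, check_credentials):
        # Returns "locked", "denied" or "ok". The credential check is skipped
        # while locked, so a locked-out client learns nothing from its guess.
        if self.is_blocked(key):
            return "locked"
        if check_credentials(username, password):
            self.records.pop(key, None)   # success clears the failure count
            return "ok"
        self.record_failure(key)
        return "denied"

if __name__ == "__main__":
    # Constructed demo: three wrong passwords from one address, then the right one.
    throttle = LoginThrottle()
    creds_ok = lambda user, pw: pw == "correct horse"
    for pw in ("a", "b", "c", "correct horse"):
        print(throttle.attempt_login("192.0.2.10", "dibyendra", pw, creds_ok))
```

Run directly it prints "denied" three times and then "locked": the fourth attempt is refused even though the password is right, and the lock lifts by itself once the last failure is older than the window.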

Posted: Wed Sep 10, 2003 8:36 am
by JayBird
would IP be good enough to do a check against? Most IPs are dynamically assigned these days, so a user could try 3 times, disconnect, get a new IP and try 3 more times!?

Posted: Wed Sep 10, 2003 8:55 am
by m3rajk
bech: depends.

on college campuses it's normally a one month rotation (provided the kid logs off for more than 24 hours, the stale time)

on cable/dsl networks it's a higher stale time. most ppl aren't off long enough to ever get a new address

on dial up that's pointless. disconnect. reconnect. you have a new ip.

how long does it take the person to figure out that the ip is the issue

Posted: Wed Sep 10, 2003 9:05 am
by Stoker
you can set a cookie but it really provides no security as cookies are easy to delete and fake..

People being able to change their IP is usually no risk, as it usually takes them several seconds to do so, so the "attack" will be very slow. For those that do own their own B-block of IPs (very unusual unless you're an ISP) and can change rapidly, the attack is still limited to 32 thousand attempts, and that should not be enough to automate password-guessing if the passwords are screened for dictionary words and names and such..

Posted: Wed Sep 10, 2003 10:42 am
by Nay
I was going to post a new topic on this but I saw the topic, so I might as well save some space and throw in the question here.

Say you block an IP from a person using a dial-up connection. In theory, you would redirect the person with that IP to somewhere else, right? Well, what if the user disconnected and reconnected? He or she gets a new IP and is able to get into the site again. That's obvious, but it's not my main question.

If another user had the same IP that was blocked and tries to get into the site, he or she would be redirected to elsewhere, right?

I heard most people are still on a 56k dial-up connection.

Any solutions to this?

-Nay

Posted: Wed Sep 10, 2003 11:02 am
by JAM
[quote=Nay]
If another user had the same IP that was blocked and tries to get into the site, he or she would be redirected to elsewhere, right?
[/quote]
Right. Workarounds...

Stoker mentioned cookies, and I agree fully. It's probably the thing that is worth most attention regarding this, though you can't expect it to be foolproof.

I also agree with him about the issue with users changing IPs. It takes too long. If you are really getting hammered with brute force attempts combined with proxy sources, you should consider hardware solutions (big $ tho).

The first reply in this thread sounds like a solution worth coding more on.

Posted: Wed Sep 10, 2003 8:16 pm
by m3rajk
nay: i'm sure it's lower in the total world.. in the US, about a year ago i saw the then-current stats: 80% still on dial-up.

from what i can tell, that number can't have dropped below 50%. i say this because it took the cable company 3 years to get cable access here.. they only made it available because RCN came in thanks to the end of the monopolization and said they'd offer it by the end of their first year and started building.