FUDforum
Fast Uncompromising Discussions. FUDforum will get your users talking.
Home » FUDforum Development » FUDforum 3.0+ » Brake inn
Show: Today's Messages :: Polls :: Message Navigator
Return to the default flat view Create a new topic Submit Reply
Re: Brake inn [message #17212 is a reply to message #17211] Fri, 19 March 2004 19:12 Go to previous messageGo to previous message
Ilia is currently offline  Ilia   Canada
Messages: 13241
Registered: January 2002
Karma:
Senior Member
Administrator
Core Developer
FUDforum already logs failed logins to admin account(s).

Making loggins progressively longer is a bad idea in a web environment, since sleep(X seconds) would put the apache child to sleep making it unable to serve requests (potential DOS).

I suppose it could be implemented with JavaScript, but that won't affect automated tools, which brute force attempts will be done with.

Temporary disabling of login for an account could be done fairly easily, but I am not certain it would accomplish much other then take brute forcing a password slightly longer. Keep in mind, most 'brute' force attempts are accomplished by guessing 1 password that the user uses in many places and then simply trying it in the apps that they use. A multi-request bruteforce would be very easy to notice, through numerous log web server entries and forum's "who's online".

Report message to a moderator

[Message index]
 
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Previous Topic: Virusi a thought.
Next Topic: Post 2.6.0 TODO
Goto Forum:
  

-=] Back to Top [=-
[ Syndicate this forum (XML) ] [ RSS ]

Current Time: Wed Jul 03 22:11:21 GMT 2024

Total time taken to generate the page: 0.05410 seconds
.:: Contact :: Home ::.

Powered by: FUDforum 3.1.3.
Copyright ©2001-2023 FUDforum Bulletin Board Software