Welcome Guest, Not a member yet? Register   Sign In
CodeIgniter Forums Archived Discussions Archived General Discussion Mitigate brute force attacks on login page
Mitigate brute force attacks on login page
  • El Forum
    Guest
  •  
#12
04-22-2012, 11:53 AM

[eluser]WanWizard[/eluser]
Not sure a captcha will protect you, it just means the attacker has to write a smarter script. You'll have to mitigate server side.

I mitigate this by adding a delay before a second attempt to login can be made. The first few (configurable) are delay free, after that the delay is added, and the more attempts are being made, the longer the delay is.

After a (configurable) number of attempts the source IP is blacklisted and the delay is reset, to avoid this being used as a DDOS (you don't want the legitimate users to be locked out of their own accounts).


Messages In This Thread
Mitigate brute force attacks on login page - by El Forum - 04-19-2012, 08:59 PM
Mitigate brute force attacks on login page - by El Forum - 04-19-2012, 11:47 PM
Mitigate brute force attacks on login page - by El Forum - 04-20-2012, 04:42 AM
Mitigate brute force attacks on login page - by El Forum - 04-20-2012, 05:15 AM
Mitigate brute force attacks on login page - by El Forum - 04-20-2012, 10:26 AM
Mitigate brute force attacks on login page - by El Forum - 04-20-2012, 10:50 AM
Mitigate brute force attacks on login page - by El Forum - 04-20-2012, 10:55 AM
Mitigate brute force attacks on login page - by El Forum - 04-20-2012, 12:11 PM
Mitigate brute force attacks on login page - by El Forum - 04-20-2012, 12:39 PM
Mitigate brute force attacks on login page - by El Forum - 04-20-2012, 03:24 PM
Mitigate brute force attacks on login page - by El Forum - 04-22-2012, 09:40 AM
Mitigate brute force attacks on login page - by El Forum - 04-22-2012, 11:53 AM
Mitigate brute force attacks on login page - by El Forum - 04-22-2012, 12:23 PM
Mitigate brute force attacks on login page - by El Forum - 04-22-2012, 01:09 PM
Mitigate brute force attacks on login page - by El Forum - 04-22-2012, 11:41 PM
Mitigate brute force attacks on login page - by El Forum - 04-23-2012, 02:45 AM
Mitigate brute force attacks on login page - by El Forum - 04-25-2012, 07:34 PM
Mitigate brute force attacks on login page - by El Forum - 04-25-2012, 07:42 PM
Mitigate brute force attacks on login page - by El Forum - 04-25-2012, 07:47 PM



Theme © iAndrew 2016 - Forum software by © MyBB