• 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Blocking IP address after x failed login attempts?

#1
[eluser]Josamoto[/eluser]
I am building a login system for Flex with PHP + CodeIgniter + AMFPHP in the server side backend.

I want to enable my system to allow each user to have only 5 opportunities to login. And 5 failed attempts, his IP must be blocked for 15 minutes, whereafter he can login again.

The problem is, there are ways around this.

I can try blocking them by:
a) session id
b) ip address

...but

a) ...can be tricked by simply restarting the browser, thus creating a new session.
b) ...can be tricked by using proxies and techniques I don't even know about, not even to mention ISP's that give dynamic IP addresses.

What is the best way to detect IP addresses (or at least identify specific PC's) from visitors, and how can I blacklist specific computers from logging in.

Thanks


Messages In This Thread
Blocking IP address after x failed login attempts? - by El Forum - 05-16-2008, 01:39 PM
Blocking IP address after x failed login attempts? - by El Forum - 05-16-2008, 01:42 PM
Blocking IP address after x failed login attempts? - by El Forum - 05-16-2008, 01:46 PM
Blocking IP address after x failed login attempts? - by El Forum - 05-17-2008, 04:46 AM

Digg   Delicious   Reddit   Facebook   Twitter   StumbleUpon  


  Theme © 2014 iAndrew  
Powered By MyBB, © 2002-2021 MyBB Group.