
In my login script I'm trying to implement the feature that if there are X failed attempts, the user cannot try to log in for Y period of time. Right now I save the number of failed attempts and the time when login will be allowed again in the SESSION superglobal. But I just realized that if the user clears their cookies, they can bypass this. Any ideas?


I was thinking of storing their IP in a MySQL table, but with NAT you may be blocking someone who has valid data.

Block them on a per-username basis: 5 or so incorrect passwords and you lock them out from that username for a certain amount of time. It solves the problem of dynamic/spoofed IPs.


Hey, that's a good idea. I'll use that, thanks.


[edit] Wait, what if the username doesn't exist?

If the username does not exist, still block them from trying to log into it. I'm assuming your goal is to stop brute forcing, and in doing that, it is a good idea to not treat non-existent usernames any differently than usernames that do exist.

Wait, blacklisting usernames isn't what I want to do. I want to temporarily lock an attacker out of using any username, existing or not; that I know how to do. The problem is determining whether a user who has just cleared their cookies is the person who was attempting a brute force.
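The per-username lockout suggested above, as an added example that is not the original poster's PHP script nor code from any of the replies. It keeps the failure counter on the server, keyed by the normalized username, so clearing cookies does not reset it, and it treats a username that does not exist exactly like one that does: unknown names get their own counter and the password is still run through the same hash so the response time does not reveal whether the account exists. The in-memory dictionary, the PBKDF2 parameters, the injectable clock and the sample user `alice` are assumptions made for this example; the thread's MySQL table would hold the same two fields (failure count and locked-until time) per username.

```python
import hashlib
import hmac
import secrets
import time

MAX_FAILURES = 5            # failed attempts before a username is locked
LOCKOUT_SECONDS = 15 * 60   # how long the username stays locked
PBKDF2_ROUNDS = 100_000     # assumed work factor for this example


def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


def make_user(password: str) -> tuple:
    """Build a (salt, hash) record for the constructed sample user table."""
    salt = secrets.token_bytes(16)
    return salt, hash_password(password, salt)


def normalize(username: str) -> str:
    # "Alice", " alice " and "ALICE" must all share one counter.
    return username.strip().lower()


class LoginThrottle:
    def __init__(self, users, max_failures=MAX_FAILURES,
                 lockout_seconds=LOCKOUT_SECONDS, clock=time.time):
        self._users = {normalize(u): rec for u, rec in users.items()}
        self._max = max_failures
        self._lockout = lockout_seconds
        self._clock = clock            # injectable so tests can move time
        # normalized username -> (failure count, locked_until, last_failure)
        self._failures = {}
        # Salt and hash used for unknown usernames, so the same amount of
        # hashing work is done whether or not the account exists.
        self._dummy_salt = secrets.token_bytes(16)
        self._dummy_hash = hash_password(secrets.token_hex(16), self._dummy_salt)

    def locked_until(self, username: str) -> float:
        entry = self._failures.get(normalize(username))
        return entry[1] if entry else 0.0

    def is_locked(self, username: str) -> bool:
        return self.locked_until(username) > self._clock()

    def attempt(self, username: str, password: str) -> bool:
        """Return True only for a correct password on an unlocked username."""
        key = normalize(username)
        now = self._clock()
        count, locked_until, last_failure = self._failures.get(key, (0, 0.0, 0.0))
        if locked_until > now:
            return False               # locked: do not even check the password
        if now - last_failure > self._lockout:
            count = 0                  # old failures (or an expired lock) no longer count
        record = self._users.get(key)
        salt, expected = record if record is not None else (self._dummy_salt, self._dummy_hash)
        digest = hash_password(password, salt)
        if hmac.compare_digest(digest, expected) and record is not None:
            self._failures.pop(key, None)   # success clears the counter
            return True
        count += 1
        if count >= self._max:
            locked_until = now + self._lockout
        self._failures[key] = (count, locked_until, now)
        return False                   # same generic answer for every failure

    def prune(self) -> int:
        """Drop counters whose lock has ended and whose failures have aged out.

        Needed because unknown usernames get counters too, so the table would
        otherwise grow without bound. Returns the number of entries removed.
        """
        now = self._clock()
        stale = [k for k, (_, lu, lf) in self._failures.items()
                 if lu <= now and now - lf > self._lockout]
        for k in stale:
            del self._failures[k]
        return len(stale)


if __name__ == "__main__":
    throttle = LoginThrottle({"alice": make_user("correct horse")},
                             max_failures=3, lockout_seconds=60)
    for _ in range(3):
        throttle.attempt("alice", "wrong")
    print("alice locked:", throttle.is_locked("alice"))
    print("correct password while locked:", throttle.attempt("alice", "correct horse"))
```

Note the caveat that comes with this design: because the counter is keyed by username, anyone who knows a victim's username can lock that account on purpose by sending five bad passwords, and the counter for a username that does not exist still costs a table row. In practice this is paired with a per-source rate limit (per IP or per subnet, with the NAT caveat raised earlier in the thread), a lockout window kept short, and periodic pruning as shown.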
