shlomikalfa Posted March 30, 2009 Share Posted March 30, 2009 hi, I have a website which works with sessions... this morning i woke up to find out that there are 9K users connected instead of just 250.... I logged to my sessions dir and most of it is filled with empty sessions... which are generated quick rapidly... how can i tell if it's someone who is trying to brute-force my username and is failing thus creating an empty session and how do i block him if i do ?! Link to comment https://forums.phpfreaks.com/topic/151691-identifying-brute-force-and-blocking-it/ Share on other sites More sharing options...
ratcateme Posted March 30, 2009 Share Posted March 30, 2009 i currently use a database system that contains IP's and if a IP fails 5 times in 10 mins then the IP is blocked for 1 hour Scott. Link to comment https://forums.phpfreaks.com/topic/151691-identifying-brute-force-and-blocking-it/#findComment-796614 Share on other sites More sharing options...
shlomikalfa Posted March 30, 2009 Author Share Posted March 30, 2009 Exactly what i had in mind Done... thanks. Any other opinions/improvements !? Link to comment https://forums.phpfreaks.com/topic/151691-identifying-brute-force-and-blocking-it/#findComment-796631 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.