-twenty Posted September 16, 2010 Share Posted September 16, 2010 I tried searching but came up empty handed, hoping you guys can give me some assistance. I have a login script that I would like to lock down a little from flooding. What is the easiest way to do this? Something that will restrict the IP if the script encounters x amount of failed attempts in x amount of minutes. Thanks! Link to comment https://forums.phpfreaks.com/topic/213577-securing-a-login-script/ Share on other sites More sharing options...
schilly Posted September 16, 2010 Share Posted September 16, 2010 Have a table with login_attempt, ip_address, timestamp. If the login fails log the IP, timestamp and add one to the login attempt. When they post the login form, check the IP to see if it's in the table. If it is and over your attempt threshold throw an error saying "too many login attempts. banned for however long" or lock the account down or something. Then set a cron to clean out the table for any entries older than a certain time period. Link to comment https://forums.phpfreaks.com/topic/213577-securing-a-login-script/#findComment-1111702 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.