Snitz Forums 2000
Snitz Forums 2000
Home | Profile | Register | Active Topics | Members | Search | FAQ
 All Forums
 Snitz Forums 2000 MOD-Group
 MOD Add-On Forum (W/Code)
 Login Flood Control

Note: You must be registered in order to post a reply.
To register, click here. Registration is FREE!
Before posting, make sure you have read this topic!

Screensize:
UserName:
Password:
Format Mode:
Format: BoldItalicizedUnderlineStrikethrough Align LeftCenteredAlign Right Horizontal Rule Insert HyperlinkInsert EmailInsert Image Insert CodeInsert QuoteInsert List
   
Message:

* HTML is OFF
* Forum Code is ON
Smilies
Smile [:)] Big Smile [:D] Cool [8D] Blush [:I]
Tongue [:P] Evil [):] Wink [;)] Clown [:o)]
Black Eye [B)] Eight Ball [8] Frown [:(] Shy [8)]
Shocked [:0] Angry [:(!] Dead [xx(] Sleepy [|)]
Kisses [:X] Approve [^] Disapprove [V] Question [?]

 
Check here to subscribe to this topic.
   

T O P I C    R E V I E W
cripto9t Posted - 03 July 2009 : 13:23:02
Login Flood Control

This mod adds a login flood feature to your forums.

From the Readme


  • Description


    • Adds a login flood check to the forums

    • Users are given a specified number of attempts to login

    • Users that exceed the limit are redirected to the password recovery page if email is on or a warning page if email is off

    • Users that exceed the limit must wait a specified amount of time before attempting to login again

    • If a user tries to login during the waiting period, the waiting period starts all over and they are redirected to the password recovery page or login warning, depending on forum email

    • There is a grace period between login attempts


  • Features


    • Admin on/off switch

    • Admin sets login attempts

    • Admin sets waiting period

    • Admin on/off switch for grace period

    • Admin sets grace period




It uses session variables to keep track of failed login attempts and hold the delay and grace period times.

Installation: Easy (It took me about 4 minutes useing the Readme)

Download: Snitzbitz

I recommend useing the readme file to install the mod. If you have a problem you can double check your code changes by looking a the reference files, just search the file for "Login Flood to find the changes.

There is some code near the top of the "inc_header.asp" reference file. It is not part of the mod! I left it there for people who wanted to test the functionality of the mod. It gives you an idea of whats going on. It should be removed when you are through testing.

If you have questions ask them here but if you have a problem installing the mod, please start a new topic in the "Help: Mod Implementation" forum. Be sure to mention "login flood" in the title.

Have fun
15   L A T E S T    R E P L I E S    (Newest First)
Giumer Posted - 18 July 2009 : 01:24:56
hi and is possibol script ess: me seting 5 tray and me admin pannel ok ? member 1 tray not longing and message ok 4 tray , 3 tray and cet ess: caundaun ? adn finish tray , message wait for 2 minute .....?
modifichicci Posted - 14 July 2009 : 05:52:08
I have this message on start

6 Failed login attempts.
You can login now. Your login attempts will be set to 0 when you try to login again.

It seems that
Session(strCookieURL & "login") isn't set to 0 when time expired
Etymon Posted - 13 July 2009 : 19:48:43
I sent you an e-mail Cripto9t.
modifichicci Posted - 13 July 2009 : 14:07:25
I have installed this mod in two forum with the same mods installed

in the first forum it works well
in the second after the first attempt i am redirect to password page whatever value i put in number of attempts
if i put 5 as value i have that
cLng(Session(strCookieURL & "login")) is 4 the first time and then it becames 6 after

I have delete cookies but no fortune.

I can login with a correct id and password

cripto9t Posted - 13 July 2009 : 08:10:51
I had to look up "dictionary attack" :}, so I can't vouch for it but the wiki page says it will slow them down.

http://en.wikipedia.org/wiki/Dictionary_attack#Use
Etymon Posted - 13 July 2009 : 01:29:22
Does anyone know if this MOD circumvents a dictionary attack?
leatherlips Posted - 06 July 2009 : 11:03:42
quote:
Originally posted by richfed

Question --

After the set number of failed log-in attempts, what exactly does the user see? I would like them to see something very similar to what leatherlips posted above in the 5th post. Is a change to inc_header the only necessary step?

The way the mod is, after the number of failed log in attempts, the user will see the following:

1. If you have email enabled they will be taken to the your password.asp page.

2. If you have email disable, they will be taken to the password2.asp page which tells them they have exceeded the number of log in attempts and will have to wait the specified period of time.
richfed Posted - 06 July 2009 : 10:52:42
Question --

After the set number of failed log-in attempts, what exactly does the user see? I would like them to see something very similar to what leatherlips posted above in the 5th post. Is a change to inc_header the only necessary step?
leatherlips Posted - 05 July 2009 : 22:10:05
I think I figured it out. It seems to be working correctly now. Here is what I did:

if strLoginStatus = 0 then
         Response.Write "<p align=""center""><b><font face=""" & strDefaultFontFace & """ size=""" & strHeaderFontSize & """>Your username and/or password were incorrect.</font></b></p>" & vbNewLine & _
               "<p align=""center""><font face=""" & strDefaultFontFace & """ size=""" & strHeaderFontSize & """>Please either <a href=""login.asp"">try again</a> or <a href=""policy.asp"">register for an account</a>.</font></p>" & vbNewLine & _
               "<p align=""center""><font face=""" & strDefaultFontFace & """ size=""" & strHeaderFontSize & """>If you forgot your password, <a href=""password.asp"">click here</a>.</font></p>" & vbNewLine
      Response.Write "<meta http-equiv=""Refresh"" content=""60; URL=" & strReferer & """>" & vbNewLine

      if cLng(intLoginFloodControl) = 1 then
       Response.Write        "<p align=""center""><font face=""" & strDefaultFontFace & """ size=""" & strHeaderFontSize & """>Please note that if after " & intLoginAttempts & " login attempts you will have to wait " & intLoginCheckTime & " minutes before trying again.</font></p>" & vbNewLine
      else
      Response.Write       "" & vbNewLine
      end if

      else
         Response.Write "<p align=""center""><font face=""" & strDefaultFontFace & """ size=""" & strHeaderFontSize & """>You logged on successfully!</font></p>" & vbNewLine & _
               "<p align=""center""><font face=""" & strDefaultFontFace & """ size=""" & strHeaderFontSize & """>Thank you for your participation.</font></p>" & vbNewLine
         Response.Write "<meta http-equiv=""Refresh"" content=""2; URL=" & strReferer & """>" & vbNewLine
          end if

I moved my part in red to where it is now and I moved the part in green before the "end if".
leatherlips Posted - 05 July 2009 : 20:37:47
Hmm. I tried that and it still refreshes after two seconds instead of 60 in Firefox and Safari.
cripto9t Posted - 05 July 2009 : 20:15:46
Put your line before the "end if" above it ;o).
leatherlips Posted - 05 July 2009 : 19:36:28
I need a little help to the modification that I made.

I have this:

Response.Write "<p align=""center""><b><font face=""" & strDefaultFontFace & """ size=""" & strHeaderFontSize & """>Your username and/or password were incorrect.</font></b></p>" & vbNewLine & _
               "<p align=""center""><font face=""" & strDefaultFontFace & """ size=""" & strHeaderFontSize & """>Please either <a href=""login.asp"">try again</a> or <a href=""policy.asp"">register for an account</a>.</font></p>" & vbNewLine & _
               "<p align=""center""><font face=""" & strDefaultFontFace & """ size=""" & strHeaderFontSize & """>If you forgot your password, <a href=""password.asp"">click here</a>.</font></p>" & vbNewLine

      if cLng(intLoginFloodControl) = 1 then
       Response.Write        "<p align=""center""><font face=""" & strDefaultFontFace & """ size=""" & strHeaderFontSize & """>Please note that if after " & intLoginAttempts & " login attempts you will have to wait " & intLoginCheckTime & " minutes before trying again.</font></p>" & vbNewLine
      else
      Response.Write       "" & vbNewLine
      end if

         Response.Write "<meta http-equiv=""Refresh"" content=""60; URL=" & strReferer & """>" & vbNewLine
      else
         Response.Write "<p align=""center""><font face=""" & strDefaultFontFace & """ size=""" & strHeaderFontSize & """>You logged on successfully!</font></p>" & vbNewLine & _
               "<p align=""center""><font face=""" & strDefaultFontFace & """ size=""" & strHeaderFontSize & """>Thank you for your participation.</font></p>" & vbNewLine
      end if
      Response.Write "<meta http-equiv=""Refresh"" content=""2; URL=" & strReferer & """>" & vbNewLine & _

The part is red is supposed to only work if they did not log in correctly. It seems to work for IE and Opera but when I tried it in Safari and Firefox it did not work. It seemed to instead do the part in green. Do I have the red part in the right place?
golfmann Posted - 04 July 2009 : 14:09:20
Seems to have quite a bit ( so far)
Now, if I can only get the same in a regiter version... :)
cripto9t Posted - 04 July 2009 : 09:43:35
quote:
Originally posted by golfmann

thanks so much for this one! I don't know if they are bots or hackers or both, but we get hundreds of attempts a DAY sometimes. This oughtta fix em a little...




Let us know if it slows them down.
leatherlips Posted - 04 July 2009 : 09:41:39
Thanks for the response.

I have one more question. During the waiting period before you can log back in, if you close the browser and then reopen it you don't have to wait any longer. Is their a way to make the cookie wait the specified period of time even if the user closes and then reopens the browser? I was using IE8.

Snitz Forums 2000 © 2000-2021 Snitz™ Communications Go To Top Of Page
This page was generated in 0.06 seconds. Powered By: Snitz Forums 2000 Version 3.4.07