The Forum has been Updated
The code has been upgraded to the latest .NET core version. Please check instructions in the Community Announcements about migrating your account.
Hi,
I'm in big need of help to tackle some hacking attempts made by persons hiding behinde anonymous online proxys and trying to hack various user accounts on my forum by trying to guess the passwords.
My logfiles are full of unsuccessfull login attempts from various ip's. Is there a MOD or some code that I could implement in my snitz 3.4.06 forum so that the IP is Blocked (not the user account) from the forum after 3 failed login attempts?
I'm using MySql as the database..
<moved from="Help: General / Current Version (v3.4.xx)" by="Shaggy" />
I'm in big need of help to tackle some hacking attempts made by persons hiding behinde anonymous online proxys and trying to hack various user accounts on my forum by trying to guess the passwords.
My logfiles are full of unsuccessfull login attempts from various ip's. Is there a MOD or some code that I could implement in my snitz 3.4.06 forum so that the IP is Blocked (not the user account) from the forum after 3 failed login attempts?
I'm using MySql as the database..
<moved from="Help: General / Current Version (v3.4.xx)" by="Shaggy" />
Posted
It could likely be done but it's dangerous. If an AOL user screws up logging in you could automagically ban 100s of members. 
Posted
That's not a problem for us in this case. We only have members from the nordic countries and if a IP is banned, we have admins who will make a check and see if the IP is legitim or belongs to a proxy-server and the banned user has the possibility to send a request to have it unblocked.
We do not have ISP's that route their customers though a proxy-server so that they all share the same IP..
(checked my logfile now and the anonymous user is back trough a new proxyserver and pounding away at the login-page trying to hack..)
We do not have ISP's that route their customers though a proxy-server so that they all share the same IP..
(checked my logfile now and the anonymous user is back trough a new proxyserver and pounding away at the login-page trying to hack..)
Originally posted by bobby131313
It could likely be done but it's dangerous. If an AOL user screws up logging in you could automagically ban 100s of members.
Posted
Maybe less of a ban and more of some sort of rate-limiting?
While looking at a white paper on CAPATCHAs I randomly thought of your problem and this Coding Horror article. I don't have any code handy, nor do I have the time to write this up at the moment, but one avenue to look down would be to record the number of attempts on a given account and after x failed attempts pose a gatekeeper question or start progressively delaying the response time between submission and notification. Just a random thought.
Addendum: it may be easier to tie it into the existing flood control mechanisms...
While looking at a white paper on CAPATCHAs I randomly thought of your problem and this Coding Horror article. I don't have any code handy, nor do I have the time to write this up at the moment, but one avenue to look down would be to record the number of attempts on a given account and after x failed attempts pose a gatekeeper question or start progressively delaying the response time between submission and notification. Just a random thought.
Addendum: it may be easier to tie it into the existing flood control mechanisms...
Posted
A flood control would obe the perfect solution, so that the user has to wait 1 minute before he can try to login again. The use of regular cookies would not work because many of the online proxyservers block cookies, I'm thinking of using session cookies instead and make so sort of check with now() > last attempt or something, where in the code/file would be the best place to put the login flood control code?
Posted
The use of regular cookies would not work because many of the online proxyservers block cookiesgrrrr... that was part of my plan.
Barring distractions, I should have something by tomorrow
