The Forum has been Updated
The code has been upgraded to the latest .NET core version. Please check instructions in the Community Announcements about migrating your account.
Login Flood Control
This mod adds a login flood feature to your forums.
From the Readme
It uses session variables to keep track of failed login attempts and hold the delay and grace period times.
Installation: Easy (It took me about 4 minutes useing the Readme)
Download: Snitzbitz
I recommend useing the readme file to install the mod. If you have a problem you can double check your code changes by looking a the reference files, just search the file for "Login Flood to find the changes.
There is some code near the top of the "inc_header.asp" reference file. It is not part of the mod! I left it there for people who wanted to test the functionality of the mod. It gives you an idea of whats going on. It should be removed when you are through testing.
If you have questions ask them here but if you have a problem installing the mod, please start a new topic in the "Help: Mod Implementation" forum. Be sure to mention "login flood" in the title.
Have fun
This mod adds a login flood feature to your forums.
From the Readme
- Description
- Adds a login flood check to the forums
- Users are given a specified number of attempts to login
- Users that exceed the limit are redirected to the password recovery page if email is on or a warning page if email is off
- Users that exceed the limit must wait a specified amount of time before attempting to login again
- If a user tries to login during the waiting period, the waiting period starts all over and they are redirected to the password recovery page or login warning, depending on forum email
- There is a grace period between login attempts
- Features
- Admin on/off switch
- Admin sets login attempts
- Admin sets waiting period
- Admin on/off switch for grace period
- Admin sets grace period
It uses session variables to keep track of failed login attempts and hold the delay and grace period times.
Installation: Easy (It took me about 4 minutes useing the Readme)
Download: Snitzbitz
I recommend useing the readme file to install the mod. If you have a problem you can double check your code changes by looking a the reference files, just search the file for "Login Flood to find the changes.
There is some code near the top of the "inc_header.asp" reference file. It is not part of the mod! I left it there for people who wanted to test the functionality of the mod. It gives you an idea of whats going on. It should be removed when you are through testing.
If you have questions ask them here but if you have a problem installing the mod, please start a new topic in the "Help: Mod Implementation" forum. Be sure to mention "login flood" in the title.
Have fun
Posted
Thank you for the offer, Cripto9t! Looks interesting! 
Posted
thanks so much for this one! I don't know if they are bots or hackers or both, but we get hundreds of attempts a DAY sometimes. This oughtta fix em a little...
Posted
I've tried the mod and it works as advertised!
However, I have one small problem. I used a demo account to try the login process. I failed on purpose to login in the specified number of attempts. It then takes me to the password recovery page. But then I tried to log in with my admin account and it would not let me. It seemed to think my other account was the same one that failed to log in. Is that a cookie issue?
Also, on your password2.asp page, you need to add the parts in red below:
However, I have one small problem. I used a demo account to try the login process. I failed on purpose to login in the specified number of attempts. It then takes me to the password recovery page. But then I tried to log in with my admin account and it would not let me. It seemed to think my other account was the same one that failed to log in. Is that a cookie issue?
Also, on your password2.asp page, you need to add the parts in red below:
Code:
<%
'##########################################################################
'## ##
'## Login Flood Control mod for Snitz Forums ##
'## ##
'## This is not an original Snitz Forum file ##
'## ##
'##########################################################################
%>
Posted
Is it possible to have the final failed login attempt go to the password2.asp page even if email is enabled? I want them to know what happened and that they will have to wait. I've already changed my inc_header.asp page to direct them to log in, go to the password recovery page, and to tell them they only have a certain number a tries to attempt to log in.
I did this by changing my inc_header.asp page from this:
to this:
Note: the part in red is because I have a version earlier than 3.4.07. If you have the newest version, you will want to change that part to register.asp.
I did this by changing my inc_header.asp page from this:
Code:
Response.Write "<p align=""center""><font face=""" & strDefaultFontFace & """ size=""" & strHeaderFontSize & """>Your username and/or password were incorrect.</font></p>" & vbNewLine & _
"<p align=""center""><font face=""" & strDefaultFontFace & """ size=""" & strHeaderFontSize & """>Please either try again or register for an account.</font></p>" & vbNewLine
else
Response.Write "<p align=""center""><font face=""" & strDefaultFontFace & """ size=""" & strHeaderFontSize & """>You logged on successfully!</font></p>" & vbNewLine & _
"<p align=""center""><font face=""" & strDefaultFontFace & """ size=""" & strHeaderFontSize & """>Thank you for your participation.</font></p>" & vbNewLine
end if
Response.Write "<meta http-equiv=""Refresh"" content=""2; URL=" & strReferer & """>" & vbNewLine & _Code:
Response.Write "<p align=""center""><b><font face=""" & strDefaultFontFace & """ size=""" & strHeaderFontSize & """>Your username and/or password were incorrect.</font></b></p>" & vbNewLine & _
"<p align=""center""><font face=""" & strDefaultFontFace & """ size=""" & strHeaderFontSize & """>Please either <a href=""login.asp"">try again</a> or <a href=""policy.asp"">register for an account</a>.</font></p>" & vbNewLine & _
"<p align=""center""><font face=""" & strDefaultFontFace & """ size=""" & strHeaderFontSize & """>If you forgot your password, <a href=""password.asp"">click here</a>.</font></p>" & vbNewLine
if cLng(intLoginFloodControl) = 1 then
Response.Write "<p align=""center""><font face=""" & strDefaultFontFace & """ size=""" & strHeaderFontSize & """>Please note that if after " & intLoginAttempts & " login attempts you will have to wait " & intLoginCheckTime & " minutes before trying again.</font></p>" & vbNewLine
else
Response.Write "" & vbNewLine
end if
Response.Write "<meta http-equiv=""Refresh"" content=""60; URL=" & strReferer & """>" & vbNewLine
else
Response.Write "<p align=""center""><font face=""" & strDefaultFontFace & """ size=""" & strHeaderFontSize & """>You logged on successfully!</font></p>" & vbNewLine & _
"<p align=""center""><font face=""" & strDefaultFontFace & """ size=""" & strHeaderFontSize & """>Thank you for your participation.</font></p>" & vbNewLine
end if
Response.Write "<meta http-equiv=""Refresh"" content=""2; URL=" & strReferer & """>" & vbNewLine & _
Posted
Originally posted by leatherlipsWell I figured out a way to do it. The easiest thing to do but probably not the best was to change both references to password.asp in inc_func_common.asp to password2.asp.
Is it possible to have the final failed login attempt go to the password2.asp page even if email is enabled?
Code:
if cLng(strEMail) = 1 then
Response.Redirect("password2.asp")
else
Response.Redirect("password2.asp")
end if