An easy way to prevent the flow of login requests?

Question

An easy way to prevent the flow of login requests?

If my website uses the POST form to log in, then what is a quick and easy way to prevent a rogue client from flooding my web server using POST requests, trying to out-force, hacking my user accounts?

PHP / MySQL / Apache.

+3

website

Mike Oct 26 '09 at 3:31

source share

3 answers

atk · Answer 1 · 2009-10-26T04:18:54+0000

Prevention of brute force breaking is more difficult than it might seem at first glance. The solution will be to combine the controls - one control will not cut the mustard. And remember the goal: you want to slow down the brute force attack to the point where it is either ineffective, or you can detect it and take action. The second option is usually more effective than the first.

You can use captcha (currently a popular method), but charts can often be read automatically, and when they cannot be read on a computer, people's farms can be obtained by paying low-paid workers or using captcha to protect “free” porn (both are used method).

; HTML, , . , . , ( PRNG ), .

IP- , NAT. NAT . , ; IP- ( ARP - ).

- (, 3 1 ). , . , , .

- . ( ) IP- ( NAT) ( ).

, , . ( ? ? ?) . , " " ( ). , OATH, (, RSA SecurID).

, Burt Kaliski, . , , ; DoSes , , . . , . , , , (, ), ( , javascript). , JavaScript?

, . - , , IP-.

. , ( , , ), , , .

, () .

, , . .

, , . ( , ). - , .

, . , , , . - syslog " 1000 " .

, , , , , (a) , (b) ( , ).

mjv · Answer 2 · 2009-10-26T03:37:10+0000

, IP- ( 3 IP-) ( ) , IP-, y x.

( ) , , .

IP- (IP- 3 IP-, 6 2 ), IP- 15 .

FrustratedWithFormsDesigner · Answer 3 · 2009-10-26T03:36:57+0000

, IP- , 5 , IP- 5- "" . , 5 , , ( 24 , ). , .

An easy way to prevent the flow of login requests?

More articles: