new login feature - beware
- bad_brain
- Site Owner
- Posts: 11636
- Joined: 06 Apr 2005, 16:00
- 19
- Location: In your eye floaters.
- Contact:
new login feature - beware
I have noticed a lot of failed login attempts in the logs, to avoid brute forcing attempts I have implemented a feature that bans a user with 3 failed login attempts for 30 minutes now...
- computathug
- Administrator
- Posts: 2693
- Joined: 29 Mar 2007, 16:00
- 17
- Location: UK
- Contact:
Thats another good idea b_b, any way of implimenting the security on suck-o to the highest standard even though it may sometimes be a little time consuming, is a good idea at times like this.
Great handling of the total situation at hand.
I will hopefully be back online permanently later today and it will be good to catch up
Great handling of the total situation at hand.
I will hopefully be back online permanently later today and it will be good to catch up
The devil can cite Scripture for his purpose.
-- William Shakespeare, "The Merchant of Venice"
https://tshirt-memes.com
-- William Shakespeare, "The Merchant of Venice"
https://tshirt-memes.com
well some services like hotmail, have an option where you ask them to send you the password to your e-mail, I never noticed some thing like that over here, but yeah its a good idea.p4inl0v3r wrote:just a suggestion ....
incase of such more than 3 failed attempts , instead of banning , an email to the user can be sent with his passwrd .... if the guy is genuine and in trbl then he is helped .... otherwise also no prob
mahmoud_shihab@hotmail.com
- bad_brain
- Site Owner
- Posts: 11636
- Joined: 06 Apr 2005, 16:00
- 19
- Location: In your eye floaters.
- Contact:
well, the point is that those failed login attempts are not made by users that maybe had a drink too much or have trouble remembering their password....those are automated login attempts. maybe 40 different IPs have been banned in the meantime (just for 1 hour, those bans are not permanent), I have checked about 30 of them and NONE was an IP of a known user.
but ok, the "lost password" function is something I will try to set up, good idea...
but ok, the "lost password" function is something I will try to set up, good idea...