 Hi, Does anybody know of a simple way to limit the number of login attempts a user (ip or cookie) can try? Right now its quite easy to brute force yourself into most of the users accounts on a dolphin page, since the script most of the times just have to guess the password. This should of course have been there from the beginning in the code, but since it's not, maybe someone wants to help out?
Best, Eric |
You can set the system to only allow so many attempts before it times out for a pre determined time. http://towtalk.net ... Hosted by Zarconia.net! |
Hello Take a look at out Access Management System module. It has such feature in addition to a lot of the others. All the visitors who try to break open someone's profile will be blocked by IP and will not be able to open your site during settled number of hours. You can change these settings as you like. By default there are 5 attempts allowed and then member will be blocked during 24 hours. Best Regards AntonLV - http://www.boonex.com/market/posts/AntonLV |
@AntonLV, looks good, but i will try to solve it without buying another mod right now. If I can't fix it I will give your mod a try.
@SkyForum, I sent you a PM, I cant find a setting for that. I must be missing something.
Thanks Eric |
You'll have to either buy a mod or do some heavy coding, Dolphin doesn't have anything included to do this. I think Sky was talking about logging in the server itself. BoonEx Certified Host: Zarconia.net - Fully Supported Shared and Dedicated for Dolphin |
@mscott, Yes I think he misunderstood me. Regarding heavy coding though, It's not too heavy coding to check login attempts with a cookie. Not maybe the most secure way of course since you can clear your cache and try again, but it would be enough for me. So if some know how to do that I'm all ears.
|
It's not too heavy coding to check login attempts with a cookie.
So if some know how to do that I'm all ears.
If you don't know how to do it how do you know it isn't heavy coding BoonEx Certified Host: Zarconia.net - Fully Supported Shared and Dedicated for Dolphin |
Yes I would like that as well, but for me it would be enough with a cookie solution. My problems mainly comes from my target group, which are kids, trying to login to each others accounts. Not from external hackers per say. Most of them don't know what a cookie is so that would keep them from messing about for a while. And yes I have been in the IT industry long enough to know that a cookie solution is a lot simpler than a php/db solution. Anyways, if anyone has a quick fix for this I'm still all ears. |
. I would create a database table for failed logins and have it record the time, date, IP and username. Then have the login section of member.php check the table for a certain number of entries within a certain time frame (30 minutes?).. then I would add to the Dolphin database cleanup script a line that cleared out this table at midnight.