perhaps set it up so that after 5 bad tries, instead of just banning him (which displays a page that the website is experiancing problems), we just not send it to our processor, but jsut return a message that the transaction failed. So they would keep trying but get bad information
>I should point out, depending how intelligent and determined the >attackers are the IP banning may only work temporarily. It is fairly >easy to build database/code to dump new proxy ips into it daily >(lists are not hard to find), and have your attack software randomly >connection through them, downgrading and dumping the proxy ip after >n number failures. >If ip blocking is working, it probably means the person/group >targeting you probably isn't very sophisticated. Some people that >barely know what they're doing, copy-catting a get-rich-quick scheme >others told them about. Consider yourself fortunate in that regard. > >Also, those kind of attackers usually use software that does a >single direct post to an url, filling all urls it finds. It also has >no sense of sessions, or cookies, etc. You can use all that against >them. I find they occasionally do send a real live human to test >things out though. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:352312 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
