It's pretty simple to do; however, there are firewall products that do
just that as well.

Use a DB table with the following columns:

* IP
* Bad_Attempts
* Last_Timestamp

Increase the bad attempts when that occurs and make a new timestamp. If
the bad attempts reach a threshold of 10 within X number of
minutes/hours, then start blocking. When the blocking time period ends,
clear the bad attempts to 0.

HTH,
.pjf

Trenatos said the following on 01/02/2012 10:48 PM:
I'm building a custom classifieds system, and am using a simple 4
digit password that's generated and saved with each ad (it's random
for each ad).

One of the things I want to implement is a way to lock out people
trying to hack the passwords.

Two things come to mind, the first being brute-forcing (such as using
Hydra), so possibly looking for and locking out a user that makes more
than 2 calls per second to the remove-ad page.

As well as looking for and locking out someone with more than 10 wrong
password attempts for the same ad.

I have no idea where to start with this using OpenBD and CFML, so if
anyone has any pointers I'd be more than happy to hear them.

--
Peter J. Farrell
http://blog.maestropublishing.com
Identi.ca / Twitter: @maestrofjp