Zubrag.com
Author Topic: Brute force protection  (Read 998 times)
tazar
« on: March 26, 2017, 08:14:20 AM »

Thank you for your great password_protect.php script!!

How would you integrate brute force protection into this script?
I'm looking to add a little additional security, without using a MySQL db and on a hosted domain (i.e., no PHP modules configurable), any suggestions?

I got the following code from https://coderwall.com/p/sauviq/brute-force-protection-in-php but can't figure out how to integrate it into your script... and maybe it is not the best way to do it??

Code:
<?php
  # Per-IP cache keys: one for the attempt counter, one for the block counter
  $apc_key = "{$_SERVER['SERVER_NAME']}~login:{$_SERVER['REMOTE_ADDR']}";
  $apc_blocked_key = "{$_SERVER['SERVER_NAME']}~login-blocked:{$_SERVER['REMOTE_ADDR']}";

  # Refuse the request before checking credentials once the limit is reached
  $tries = (int)apc_fetch($apc_key);
  if ($tries >= 10) {
    header("HTTP/1.1 429 Too Many Requests");
    echo "You've exceeded the number of login attempts. We've blocked IP address {$_SERVER['REMOTE_ADDR']} for a few minutes.";
    exit();
  }

  # login() is the site's own credential check; it is not defined in this snippet
  $success = login($_POST['username'], $_POST['password']);
  if (!$success) {
    $blocked = (int)apc_fetch($apc_blocked_key);

    apc_store($apc_key, $tries+1, pow(2, $blocked+1)*60);  # store tries for 2^(x+1) minutes: 2, 4, 8, 16, ...
    apc_store($apc_blocked_key, $blocked+1, 86400);  # store number of times blocked for 24 hours
  } else {
    apc_delete($apc_key);
    apc_delete($apc_blocked_key);
  }

Logged
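
The throttle from the snippet above with its counters kept in a flat file instead of APC, matching the constraints in the question (no MySQL, no PHP extensions). This is an added example, not part of the original post and not code from password_protect.php; the file path, the constants and all function names are assumptions.

```php
<?php
// Added example: per-IP login throttle kept in a flat JSON file (no APC, no MySQL).
// THROTTLE_FILE, MAX_TRIES and all function names are assumptions of this sketch.
const THROTTLE_FILE = __DIR__ . '/login_throttle.json'; // deny web access to this file
const MAX_TRIES = 10;

// Load the state under an exclusive lock, let $fn change it, write it back.
function throttle_with_state(callable $fn)
{
    $fh = fopen(THROTTLE_FILE, 'c+');
    if ($fh === false || !flock($fh, LOCK_EX)) {
        throw new RuntimeException('throttle file unavailable');
    }
    $now = time();
    $state = json_decode((string) stream_get_contents($fh), true) ?: [];
    // Forget addresses with no failed login in the last 24 hours.
    $state = array_filter($state, function ($e) use ($now) { return $e['seen_exp'] > $now; });
    $result = $fn($state, $now);
    ftruncate($fh, 0);
    rewind($fh);
    fwrite($fh, json_encode($state));
    fclose($fh); // closing the handle also releases the lock
    return $result;
}

function throttle_is_blocked(string $ip): bool
{
    return throttle_with_state(function (array &$state, int $now) use ($ip) {
        $e = $state[$ip] ?? null;
        return $e !== null && $e['tries'] >= MAX_TRIES && $e['tries_exp'] > $now;
    });
}

function throttle_record_failure(string $ip): void
{
    throttle_with_state(function (array &$state, int $now) use ($ip) {
        $e = $state[$ip] ?? ['tries' => 0, 'tries_exp' => 0, 'blocks' => 0];
        if ($e['tries_exp'] <= $now) { $e['tries'] = 0; } // previous window expired
        $e['tries']++;
        if ($e['tries'] === MAX_TRIES) { $e['blocks']++; } // count lockouts, not single failures
        $e['tries_exp'] = $now + (2 ** min($e['blocks'] + 1, 10)) * 60; // 2, 4, 8, ... minutes
        $e['seen_exp'] = $now + 86400; // remember the lockout count for 24 hours
        $state[$ip] = $e;
    });
}

function throttle_clear(string $ip): void
{
    throttle_with_state(function (array &$state) use ($ip) { unset($state[$ip]); });
}
```

Call `throttle_is_blocked($_SERVER['REMOTE_ADDR'])` before the script's password comparison and answer with the 429 response from the snippet above when it returns true; afterwards call `throttle_record_failure()` on a wrong password or `throttle_clear()` on a correct one.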