Zubrag.com
Author Topic: Brute force protection  (Read 1425 times)
tazar
« on: March 26, 2017, 08:14:20 AM »

Thank you for your great password_protect.php script!!

How would you integrate brute force protection into this script?
I'm looking to add a little additional security, without using a MySQL DB and on a hosted domain (i.e., no configurable PHP modules). Any suggestions?

I got the following code from https://coderwall.com/p/sauviq/brute-force-protection-in-php but can't figure out how to integrate it into your script... and maybe it is not the best way to do it??

Code:
<?php
  $apc_key = "{$_SERVER['SERVER_NAME']}~login:{$_SERVER['REMOTE_ADDR']}";
  $apc_blocked_key = "{$_SERVER['SERVER_NAME']}~login-blocked:{$_SERVER['REMOTE_ADDR']}";

  $tries = (int)apc_fetch($apc_key);
  if ($tries >= 10) {
    header("HTTP/1.1 429 Too Many Requests");
    echo "You've exceeded the number of login attempts. We've blocked IP address {$_SERVER['REMOTE_ADDR']} for a few minutes.";
    exit();
  }

  $success = login($_POST['username'], $_POST['password']);
  if (!$success) {
    $blocked = (int)apc_fetch($apc_blocked_key);

    apc_store($apc_key, $tries+1, pow(2, $blocked+1)*60);  # store tries for 2^(x+1) minutes: 2, 4, 8, 16, ...
    apc_store($apc_blocked_key, $blocked+1, 86400);  # store number of times blocked for 24 hours
  } else {
    apc_delete($apc_key);
    apc_delete($apc_blocked_key);
  }

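An added example, not part of the original post and not code from password_protect.php or from the coderwall article: the same two counters (failed tries with a 2^(x+1)-minute lifetime, block count remembered for 24 hours) kept in a locked JSON file per client address instead of APC, so it needs neither a PHP extension nor a database. The directory THROTTLE_DIR and all throttle_* function names are assumptions made for this sketch, and it requires PHP 7.1 or later.

```php
<?php
// Added example. THROTTLE_DIR is an assumed location: it must be writable
// by PHP and must not be served by the web server.
define('THROTTLE_DIR', sys_get_temp_dir() . '/login_throttle');
define('MAX_TRIES', 10);        // same limit as the APC snippet
define('BLOCK_MEMORY', 86400);  // remember the block count for 24 hours

function throttle_path(string $ip): string {
    // Hash the address so the file name never contains client-supplied text.
    return THROTTLE_DIR . '/' . hash('sha256', $ip) . '.json';
}

// Load this address's state under an exclusive lock, apply $fn, save it.
function throttle_update(string $ip, callable $fn, ?int $now = null): array {
    $now = $now ?? time();
    if (!is_dir(THROTTLE_DIR)) { mkdir(THROTTLE_DIR, 0700, true); }
    $fh = fopen(throttle_path($ip), 'c+');
    if ($fh === false) { throw new RuntimeException('throttle store unavailable'); }
    flock($fh, LOCK_EX);  // serialise concurrent login requests
    $s = json_decode(stream_get_contents($fh), true);
    if (!is_array($s)) { $s = []; }
    $s += ['tries' => 0, 'tries_exp' => 0, 'blocked' => 0, 'blocked_exp' => 0];
    if ($s['tries_exp'] <= $now)   { $s['tries'] = 0; }    // emulate the APC TTL
    if ($s['blocked_exp'] <= $now) { $s['blocked'] = 0; }
    $s = $fn($s, $now);
    rewind($fh);
    ftruncate($fh, 0);
    fwrite($fh, json_encode($s));
    fflush($fh);
    flock($fh, LOCK_UN);
    fclose($fh);
    return $s;
}

function throttle_is_blocked(string $ip, ?int $now = null): bool {
    $s = throttle_update($ip, function ($s) { return $s; }, $now);
    return $s['tries'] >= MAX_TRIES;
}

function throttle_record_failure(string $ip, ?int $now = null): void {
    throttle_update($ip, function ($s, $now) {
        $s['tries']++;
        $s['tries_exp'] = $now + pow(2, $s['blocked'] + 1) * 60;  // 2, 4, 8, ... minutes
        $s['blocked']++;
        $s['blocked_exp'] = $now + BLOCK_MEMORY;
        return $s;
    }, $now);
}

function throttle_reset(string $ip): void {
    @unlink(throttle_path($ip));  // successful login clears both counters
}
```

Call throttle_is_blocked($_SERVER['REMOTE_ADDR']) before the password is compared and answer with the 429 response when it returns true, then call throttle_record_failure() on a wrong password and throttle_reset() on a correct one. Behind a reverse proxy REMOTE_ADDR is the proxy's address, and a per-address counter does not limit guesses spread across many addresses.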
Breenda
« Reply #1 on: September 06, 2017, 02:19:20 AM »

Thanks for sharing, it helps me a lot.