Waraxe IT Security Portal  
  Login or Register
::  Home  ::  Search  ::  Your Account  ::  Forums  ::   Waraxe Advisories  ::  Tools  ::
May 21, 2024
Menu
 Home
 Logout
 Discussions
 Forums
 Members List
 IRC chat
 Tools
 Base64 coder
 MD5 hash
 CRC32 checksum
 ROT13 coder
 SHA-1 hash
 URL-decoder
 Sql Char Encoder
 Affiliates
 y3dips ITsec
 Md5 Cracker
 User Manuals
 AlbumNow
 Content
 Content
 Sections
 FAQ
 Top
 Info
 Feedback
 Recommend Us
 Search
 Journal
 Your Account



User Info
Welcome, Anonymous
Nickname
Password
(Register)

Membership:
Latest: MichaelSnaRe
New Today: 0
New Yesterday: 0
Overall: 9145

People Online:
Visitors: 391
Members: 0
Total: 391
PacketStorm News
·301 Moved Permanently

read more...
Log in Register Forum FAQ Memberlist Search
IT Security and Insecurity Portal

www.waraxe.us Forum Index -> Newbies corner -> how to defend againts brute force attacks or other
Post new topic  Reply to topic View previous topic :: View next topic 
how to defend againts brute force attacks or other
PostPosted: Fri Apr 21, 2006 11:48 am Reply with quote
daniel000
Regular user
Regular user
 
Joined: Apr 21, 2006
Posts: 6




I've got a forum and the version is phpbb 2.0.18.
The problem is that an anonymous user is creating brute force attacks and is trying to hack the database using exploits in the code.
Do you think there is a way to be more secure?
Would the upgrade to 2.0.20 resolve some things?
Thanks a lot.
Very Happy


Last edited by daniel000 on Sat Apr 22, 2006 8:47 pm; edited 1 time in total
View user's profile Send private message
PostPosted: Fri Apr 21, 2006 11:53 am Reply with quote
Benna
Regular user
Regular user
 
Joined: Apr 16, 2006
Posts: 20




ciao daniel......hai avuto paura eh?

paura....
Laughing Laughing
View user's profile Send private message Visit poster's website
PostPosted: Sat Apr 22, 2006 8:37 pm Reply with quote
daniel000
Regular user
Regular user
 
Joined: Apr 21, 2006
Posts: 6




Excuse me, but I'm afraid I cannot understand what do you mean...
Anyway, does anyone know how to defend against these attacks?
Thanks.
View user's profile Send private message
Re: how to defend againts brute force attacks or other
PostPosted: Sun Apr 23, 2006 1:36 am Reply with quote
y3dips
Valuable expert
Valuable expert
 
Joined: Feb 25, 2005
Posts: 281
Location: Indonesia




daniel000 wrote:
I've got a forum and the version is phpbb 2.0.18.
The problem is that an anonymous user is creating brute force attacks and is trying to hack the database using exploits in the code.
Do you think there is a way to be more secure?
Would the upgrade to 2.0.20 resolve some things?
Thanks a lot.
Very Happy


use some image verification code, so user need to input a text that describe in the image to teh text box,
use it on user registration and posting section

_________________
IO::y3dips->new(http://clog.ammar.web.id);
View user's profile Send private message Visit poster's website Yahoo Messenger
PostPosted: Sun Apr 23, 2006 10:28 am Reply with quote
daniel000
Regular user
Regular user
 
Joined: Apr 21, 2006
Posts: 6




Thanks, but I think I didn't explain myself very well.
I meant how to defend against little programs that generate passwords (key gen or other) to crack an account on a forum or website.
Do these programs have a useragent? So that I can block them directly from the server?
View user's profile Send private message
PostPosted: Sun Apr 23, 2006 5:43 pm Reply with quote
Chb
Valuable expert
Valuable expert
 
Joined: Jul 23, 2005
Posts: 206
Location: Germany




daniel000 wrote:
Thanks, but I think I didn't explain myself very well.
I meant how to defend against little programs that generate passwords (key gen or other) to crack an account on a forum or website.
Do these programs have a useragent? So that I can block them directly from the server?


Nope, I don't think so. But you can also log into a special table when a fail login has been made. And before the login is checked the script takes a look into this table wheather this host has tried for example three times. If so then make login impossible. Wink

_________________
www.der-chb.de
View user's profile Send private message Visit poster's website ICQ Number
PostPosted: Mon Apr 24, 2006 8:13 pm Reply with quote
daniel000
Regular user
Regular user
 
Joined: Apr 21, 2006
Posts: 6




Thanks!!! You had a really good idea... But how do you think I could block them?
Blocking their user agent... but I think they can change them
Blocking their IP... but many users have a dynamic IP!!!
What do you think?
View user's profile Send private message
PostPosted: Tue Apr 25, 2006 4:42 am Reply with quote
Chb
Valuable expert
Valuable expert
 
Joined: Jul 23, 2005
Posts: 206
Location: Germany




There are some ways.
1) IP-Banning after x fail-logins
2) Cookie-Setting after x fail-logins and check them for to check if the user has been banned for y minutes
3) Captchas (e.g. chars in a picture which you have to write down to login)
4) Ban the user for y minutes if there were x fail-logins...

_________________
www.der-chb.de
View user's profile Send private message Visit poster's website ICQ Number
PostPosted: Tue Apr 25, 2006 8:35 pm Reply with quote
daniel000
Regular user
Regular user
 
Joined: Apr 21, 2006
Posts: 6




Thanks a lot!!! Very Happy
View user's profile Send private message
how to defend againts brute force attacks or other
  www.waraxe.us Forum Index -> Newbies corner
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
All times are GMT  
Page 1 of 1  

  
  
 Post new topic  Reply to topic  




Powered by phpBB 2001-2008 phpBB Group






Space Raider game for Android, free download - Space Raider gameplay video - Zone Raider mobile games
All logos and trademarks in this site are property of their respective owner. The comments and posts are property of their posters, all the rest (c) 2004-2020 Janek Vind "waraxe"
Page Generation: 0.156 Seconds