 |
|
 |
 |
Menu |
 |
|
 Home |
| |
|
 Discussions |
| |
|
 Tools |
| |
|
| Affiliates |
| |
|
 Content |
| |
|
 Info |
| | |
|
|
|
|
|
User Info |
|
 Membership:
 Latest: MichaelSnaRe
 New Today: 0
 New Yesterday: 0
 Overall: 9144
 People Online:
 Visitors: 208
 Members: 0
 Total: 208
|
|
|
|
|
|
Full disclosure |
|
|
|
 |
|
 |
 |
|
 |
IT Security and Insecurity Portal |
|
|
how to defend againts brute force attacks or other |
|
 Posted: Fri Apr 21, 2006 11:48 am |
 |
|
| daniel000 |
| Regular user |
 |
|
| Joined: Apr 21, 2006 |
| Posts: 6 |
|
|
|
 |
|
 |
|
I've got a forum and the version is phpbb 2.0.18.
The problem is that an anonymous user is creating brute force attacks and is trying to hack the database using exploits in the code.
Do you think there is a way to be more secure?
Would the upgrade to 2.0.20 resolve some things?
Thanks a lot.
 |
|
Last edited by daniel000 on Sat Apr 22, 2006 8:47 pm; edited 1 time in total |
|
|
|
| Posted: Fri Apr 21, 2006 11:53 am |
|
|
| Benna |
| Regular user |
 |
|
| Joined: Apr 16, 2006 |
| Posts: 20 |
|
|
|
|
|
|
|
ciao daniel......hai avuto paura eh?
paura....
 |
|
|
|
|
| Posted: Sat Apr 22, 2006 8:37 pm |
|
|
| daniel000 |
| Regular user |
|
|
| Joined: Apr 21, 2006 |
| Posts: 6 |
|
|
|
|
|
|
|
Excuse me, but I'm afraid I cannot understand what do you mean...
Anyway, does anyone know how to defend against these attacks?
Thanks. |
|
|
|
|
|
Re: how to defend againts brute force attacks or other |
|
| Posted: Sun Apr 23, 2006 1:36 am |
|
|
| y3dips |
| Valuable expert |
 |
|
| Joined: Feb 25, 2005 |
| Posts: 281 |
| Location: Indonesia |
|
|
|
|
|
|
| daniel000 wrote: | I've got a forum and the version is phpbb 2.0.18.
The problem is that an anonymous user is creating brute force attacks and is trying to hack the database using exploits in the code.
Do you think there is a way to be more secure?
Would the upgrade to 2.0.20 resolve some things?
Thanks a lot.
|
use some image verification code, so user need to input a text that describe in the image to teh text box,
use it on user registration and posting section |
|
_________________
IO::y3dips->new(http://clog.ammar.web.id); |
|
|
|
| Posted: Sun Apr 23, 2006 10:28 am |
|
|
| daniel000 |
| Regular user |
|
|
| Joined: Apr 21, 2006 |
| Posts: 6 |
|
|
|
|
|
|
|
Thanks, but I think I didn't explain myself very well.
I meant how to defend against little programs that generate passwords (key gen or other) to crack an account on a forum or website.
Do these programs have a useragent? So that I can block them directly from the server? |
|
|
|
|
|
|
|
|
| Posted: Sun Apr 23, 2006 5:43 pm |
|
|
| Chb |
| Valuable expert |
 |
|
| Joined: Jul 23, 2005 |
| Posts: 206 |
| Location: Germany |
|
|
|
|
|
|
| daniel000 wrote: | Thanks, but I think I didn't explain myself very well.
I meant how to defend against little programs that generate passwords (key gen or other) to crack an account on a forum or website.
Do these programs have a useragent? So that I can block them directly from the server? |
Nope, I don't think so. But you can also log into a special table when a fail login has been made. And before the login is checked the script takes a look into this table wheather this host has tried for example three times. If so then make login impossible.  |
|
|
|
|
| Posted: Mon Apr 24, 2006 8:13 pm |
|
|
| daniel000 |
| Regular user |
|
|
| Joined: Apr 21, 2006 |
| Posts: 6 |
|
|
|
|
|
|
|
Thanks!!! You had a really good idea... But how do you think I could block them?
Blocking their user agent... but I think they can change them
Blocking their IP... but many users have a dynamic IP!!!
What do you think? |
|
|
|
|
| Posted: Tue Apr 25, 2006 4:42 am |
|
|
| Chb |
| Valuable expert |
|
|
| Joined: Jul 23, 2005 |
| Posts: 206 |
| Location: Germany |
|
|
|
|
|
|
There are some ways.
1) IP-Banning after x fail-logins
2) Cookie-Setting after x fail-logins and check them for to check if the user has been banned for y minutes
3) Captchas (e.g. chars in a picture which you have to write down to login)
4) Ban the user for y minutes if there were x fail-logins... |
|
|
|
|
| Posted: Tue Apr 25, 2006 8:35 pm |
|
|
| daniel000 |
| Regular user |
|
|
| Joined: Apr 21, 2006 |
| Posts: 6 |
|
|
|
|
|
|
|
| Thanks a lot!!! |
|
|
|
|
www.waraxe.us Forum Index -> Newbies corner
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
All times are GMT
Page 1 of 1
|
|
|
|
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|
|
|
