 |
IT Security and Insecurity Portal |
|
 |
how to defend against brute force attacks or other |
 |
Posted: Fri Apr 21, 2006 11:48 am |
|
|
daniel000 |
Regular user |

 |
|
Joined: Apr 21, 2006 |
Posts: 6 |
|
|
|
 |
 |
 |
|
I've got a forum and the version is phpbb 2.0.18.
The problem is that an anonymous user is creating brute force attacks and is trying to hack the database using exploits in the code.
Do you think there is a way to be more secure?
Would the upgrade to 2.0.20 resolve some things?
Thanks a lot.
 |
|
Last edited by daniel000 on Sat Apr 22, 2006 8:47 pm; edited 1 time in total |
|
|
|
Posted: Fri Apr 21, 2006 11:53 am |
|
|
Benna |
Regular user |

 |
|
Joined: Apr 16, 2006 |
Posts: 20 |
|
|
|
 |
 |
 |
|
Hi daniel...... you got scared, eh?
Scared....
 |
|
|
|
|
Posted: Sat Apr 22, 2006 8:37 pm |
|
|
daniel000 |
Regular user |

 |
|
Joined: Apr 21, 2006 |
Posts: 6 |
|
|
|
 |
 |
 |
|
Excuse me, but I'm afraid I cannot understand what you mean...
Anyway, does anyone know how to defend against these attacks?
Thanks. |
|
|
|
|
 |
Re: how to defend against brute force attacks or other |
 |
Posted: Sun Apr 23, 2006 1:36 am |
|
|
y3dips |
Valuable expert |

 |
|
Joined: Feb 25, 2005 |
Posts: 281 |
Location: Indonesia |
|
|
 |
 |
 |
|
daniel000 wrote: | I've got a forum and the version is phpbb 2.0.18.
The problem is that an anonymous user is creating brute force attacks and is trying to hack the database using exploits in the code.
Do you think there is a way to be more secure?
Would the upgrade to 2.0.20 resolve some things?
Thanks a lot.
 |
Use some image verification code, so the user needs to type the text shown in the image into the text box.
Use it on the user registration and posting sections. |
|
_________________ IO::y3dips->new(http://clog.ammar.web.id); |
|
|
|
Posted: Sun Apr 23, 2006 10:28 am |
|
|
daniel000 |
Regular user |

 |
|
Joined: Apr 21, 2006 |
Posts: 6 |
|
|
|
 |
 |
 |
|
Thanks, but I think I didn't explain myself very well.
I meant how to defend against little programs that generate passwords (key gen or other) to crack an account on a forum or website.
Do these programs have a useragent? So that I can block them directly from the server? |
|
|
|
|
 |
 |
|
 |
Posted: Sun Apr 23, 2006 5:43 pm |
|
|
Chb |
Valuable expert |

 |
|
Joined: Jul 23, 2005 |
Posts: 206 |
Location: Germany |
|
|
 |
 |
 |
|
daniel000 wrote: | Thanks, but I think I didn't explain myself very well.
I meant how to defend against little programs that generate passwords (key gen or other) to crack an account on a forum or website.
Do these programs have a useragent? So that I can block them directly from the server? |
Nope, I don't think so. But you can also log into a special table when a failed login has been made. And before the login is checked, the script takes a look into this table to see whether this host has tried, for example, three times. If so, then make login impossible.  |
|
|
|
|
Posted: Mon Apr 24, 2006 8:13 pm |
|
|
daniel000 |
Regular user |

 |
|
Joined: Apr 21, 2006 |
Posts: 6 |
|
|
|
 |
 |
 |
|
Thanks!!! You had a really good idea... But how do you think I could block them?
Blocking their user agent... but I think they can change them
Blocking their IP... but many users have a dynamic IP!!!
What do you think? |
|
|
|
|
Posted: Tue Apr 25, 2006 4:42 am |
|
|
Chb |
Valuable expert |

 |
|
Joined: Jul 23, 2005 |
Posts: 206 |
Location: Germany |
|
|
 |
 |
 |
|
There are some ways.
1) IP banning after x failed logins
2) Setting a cookie after x failed logins and checking it to see if the user has been banned for y minutes
3) Captchas (e.g. chars in a picture which you have to write down to log in)
4) Ban the user for y minutes if there were x failed logins... |
|
|
|
|
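The failed-login table from Chb's two replies, as an added example that is not part of the original thread. It counts failures per host (option 1) and per account (option 4), which also covers guesses arriving from changing IP addresses; the table name, thresholds, `password_ok` flag and sample addresses are assumptions.

```python
import sqlite3

MAX_FAILS = 3           # "x" in the thread: failed logins tolerated per window
WINDOW_SECS = 15 * 60   # "y" minutes, in seconds: how long a failure counts

def open_db():
    conn = sqlite3.connect(":memory:")   # a real forum would use its own DB
    conn.execute("CREATE TABLE failed_logins (host TEXT, username TEXT, ts INTEGER)")
    return conn

def recent_failures(conn, host, username, now):
    """Count failures inside the window, per source host and per account."""
    since = now - WINDOW_SECS
    by_host = conn.execute(
        "SELECT COUNT(*) FROM failed_logins WHERE host = ? AND ts > ?",
        (host, since)).fetchone()[0]
    by_user = conn.execute(
        "SELECT COUNT(*) FROM failed_logins WHERE username = ? AND ts > ?",
        (username, since)).fetchone()[0]
    return by_host, by_user

def attempt_login(conn, host, username, password_ok, now):
    """Return 'locked', 'failed' or 'ok'.

    The table is consulted before the password result is used, so a locked
    client gets the same answer whether or not its guess was correct.
    """
    conn.execute("DELETE FROM failed_logins WHERE ts <= ?", (now - WINDOW_SECS,))
    by_host, by_user = recent_failures(conn, host, username, now)
    if by_host >= MAX_FAILS or by_user >= MAX_FAILS:
        return "locked"
    if not password_ok:
        conn.execute("INSERT INTO failed_logins VALUES (?, ?, ?)",
                     (host, username, now))
        return "failed"
    return "ok"

def demo():
    """Constructed traffic: one host guessing, then logins from another host."""
    conn, t = open_db(), 1_000_000
    out = [attempt_login(conn, "203.0.113.5", "alice", False, t + i) for i in range(3)]
    out.append(attempt_login(conn, "203.0.113.5", "bob", True, t + 3))     # host banned
    out.append(attempt_login(conn, "198.51.100.7", "alice", True, t + 4))  # account locked
    out.append(attempt_login(conn, "198.51.100.7", "bob", True, t + 5))    # unaffected
    out.append(attempt_login(conn, "203.0.113.5", "alice", True, t + 2 + WINDOW_SECS))
    return out

if __name__ == "__main__":
    print(demo())
```

Per-account locking lets anyone lock a known username out for the window, so keep the window short or show a captcha (option 3) instead of a hard block once the account threshold is hit.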
Posted: Tue Apr 25, 2006 8:35 pm |
|
|
daniel000 |
Regular user |

 |
|
Joined: Apr 21, 2006 |
Posts: 6 |
|
|
|
 |
 |
 |
|
Thanks a lot!!!  |
|
|
|
|
|
All times are GMT
|
|
|
|
|
|