Waraxe IT Security Portal
Login or Register
December 12, 2024
Menu
Home
Logout
Discussions
Forums
Members List
IRC chat
Tools
Base64 coder
MD5 hash
CRC32 checksum
ROT13 coder
SHA-1 hash
URL-decoder
Sql Char Encoder
Affiliates
y3dips ITsec
Md5 Cracker
User Manuals
AlbumNow
Content
Content
Sections
FAQ
Top
Info
Feedback
Recommend Us
Search
Journal
Your Account
User Info
Welcome, Anonymous
Nickname
Password
(Register)

Membership:
Latest: MichaelSnaRe
New Today: 0
New Yesterday: 0
Overall: 9144

People Online:
Visitors: 80
Members: 0
Total: 80
Full disclosure
SEC Consult SA-20241204-0 :: Multiple Critical Vulnerabilities in Image Access Scan2Net (14 CVE)
Microsoft Warbird and PMP security research - technical doc
Access Control in Paxton Net2 software
SEC Consult SA-20241127-0 :: Stored Cross-Site Scripting in Omada Identity (CVE-2024-52951)
SEC Consult SA-20241125-0 :: Unlocked JTAG interface and buffer overflow in Siemens SM-2558 Protocol Element, Siemens CP-2016 & CP-2019
Re: Local Privilege Escalations in needrestart
APPLE-SA-11-19-2024-5 macOS Sequoia 15.1.1
Local Privilege Escalations in needrestart
APPLE-SA-11-19-2024-4 iOS 17.7.2 and iPadOS 17.7.2
APPLE-SA-11-19-2024-3 iOS 18.1.1 and iPadOS 18.1.1
APPLE-SA-11-19-2024-2 visionOS 2.1.1
APPLE-SA-11-19-2024-1 Safari 18.1.1
Reflected XSS - fronsetiav1.1
XXE OOB - fronsetiav1.1
St. Poelten UAS | Path Traversal in Korenix JetPort 5601
Log in Register Forum FAQ Memberlist Search
IT Security and Insecurity Portal

www.waraxe.us Forum Index -> Newbies corner -> how to defend againts brute force attacks or other
Post new topicReply to topic View previous topic :: View next topic
how to defend againts brute force attacks or other
PostPosted: Fri Apr 21, 2006 11:48 am Reply with quote
daniel000
Regular user
Regular user
Joined: Apr 21, 2006
Posts: 6




I've got a forum and the version is phpbb 2.0.18.
The problem is that an anonymous user is creating brute force attacks and is trying to hack the database using exploits in the code.
Do you think there is a way to be more secure?
Would the upgrade to 2.0.20 resolve some things?
Thanks a lot.
Very Happy


Last edited by daniel000 on Sat Apr 22, 2006 8:47 pm; edited 1 time in total
View user's profile Send private message
PostPosted: Fri Apr 21, 2006 11:53 am Reply with quote
Benna
Regular user
Regular user
Joined: Apr 16, 2006
Posts: 20




ciao daniel......hai avuto paura eh?

paura....
Laughing Laughing
View user's profile Send private message Visit poster's website
PostPosted: Sat Apr 22, 2006 8:37 pm Reply with quote
daniel000
Regular user
Regular user
Joined: Apr 21, 2006
Posts: 6




Excuse me, but I'm afraid I cannot understand what do you mean...
Anyway, does anyone know how to defend against these attacks?
Thanks.
View user's profile Send private message
Re: how to defend againts brute force attacks or other
PostPosted: Sun Apr 23, 2006 1:36 am Reply with quote
y3dips
Valuable expert
Valuable expert
Joined: Feb 25, 2005
Posts: 281
Location: Indonesia




daniel000 wrote:
I've got a forum and the version is phpbb 2.0.18.
The problem is that an anonymous user is creating brute force attacks and is trying to hack the database using exploits in the code.
Do you think there is a way to be more secure?
Would the upgrade to 2.0.20 resolve some things?
Thanks a lot.
Very Happy


use some image verification code, so user need to input a text that describe in the image to teh text box,
use it on user registration and posting section

_________________
IO::y3dips->new(http://clog.ammar.web.id);
View user's profile Send private message Visit poster's website Yahoo Messenger
PostPosted: Sun Apr 23, 2006 10:28 am Reply with quote
daniel000
Regular user
Regular user
Joined: Apr 21, 2006
Posts: 6




Thanks, but I think I didn't explain myself very well.
I meant how to defend against little programs that generate passwords (key gen or other) to crack an account on a forum or website.
Do these programs have a useragent? So that I can block them directly from the server?
View user's profile Send private message
PostPosted: Sun Apr 23, 2006 5:43 pm Reply with quote
Chb
Valuable expert
Valuable expert
Joined: Jul 23, 2005
Posts: 206
Location: Germany




daniel000 wrote:
Thanks, but I think I didn't explain myself very well.
I meant how to defend against little programs that generate passwords (key gen or other) to crack an account on a forum or website.
Do these programs have a useragent? So that I can block them directly from the server?


Nope, I don't think so. But you can also log into a special table when a fail login has been made. And before the login is checked the script takes a look into this table wheather this host has tried for example three times. If so then make login impossible. Wink

_________________
www.der-chb.de
View user's profile Send private message Visit poster's website ICQ Number
PostPosted: Mon Apr 24, 2006 8:13 pm Reply with quote
daniel000
Regular user
Regular user
Joined: Apr 21, 2006
Posts: 6




Thanks!!! You had a really good idea... But how do you think I could block them?
Blocking their user agent... but I think they can change them
Blocking their IP... but many users have a dynamic IP!!!
What do you think?
View user's profile Send private message
PostPosted: Tue Apr 25, 2006 4:42 am Reply with quote
Chb
Valuable expert
Valuable expert
Joined: Jul 23, 2005
Posts: 206
Location: Germany




There are some ways.
1) IP-Banning after x fail-logins
2) Cookie-Setting after x fail-logins and check them for to check if the user has been banned for y minutes
3) Captchas (e.g. chars in a picture which you have to write down to login)
4) Ban the user for y minutes if there were x fail-logins...

_________________
www.der-chb.de
View user's profile Send private message Visit poster's website ICQ Number
PostPosted: Tue Apr 25, 2006 8:35 pm Reply with quote
daniel000
Regular user
Regular user
Joined: Apr 21, 2006
Posts: 6




Thanks a lot!!! Very Happy
View user's profile Send private message
how to defend againts brute force attacks or other
www.waraxe.us Forum Index -> Newbies corner
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
All times are GMT
Page 1 of 1

Post new topicReply to topic


Powered by phpBB © 2001-2008 phpBB Group



Space Raider game for Android, free download - Space Raider gameplay video - Zone Raider mobile games
All logos and trademarks in this site are property of their respective owner. The comments and posts are property of their posters, all the rest (c) 2004-2024 Janek Vind "waraxe"
Page Generation: 0.142 Seconds