[Phplogcon-dev] brute force password cracking prevention

Michael Meckelein mmeckelein at hq.adiscon.com
Wed Dec 7 17:23:05 CET 2005


> Is there something like a sleep() call in php? 

Of course there is.
http://www.php.net/sleep

Michael


> Sleep(), in most OS, is a
> way to tell the OS that the calling process has no interest in being
> executed for the specified amount of time.
> 
> If such a beast exists, we could sleep() a few ms for each wrong login
> and maybe up to 30 seconds as the failures increase...
> 
> Rainer
> 
> > -----Original Message-----
> > From: phplogcon-dev-bounces at lists.adiscon.com
> > [mailto:phplogcon-dev-bounces at lists.adiscon.com] On Behalf Of
> > Michael Meckelein
> > Sent: Wednesday, December 07, 2005 5:18 PM
> > To: phplogcon-dev at lists.adiscon.com
> > Subject: [Phplogcon-dev] brute force password cracking prevention
> >
> > Brian wrote:
> > > Side note:
> > >  Maybe a good thing to slow it down in the case of brute force
> > > password cracking. (Users Table). (scripts can do this, not for us to
> > > worry about, yet).
> >
> > Rainer wrote:
> > > hehe... another low priority todo list item - tarpitting attacks (after
> > > all, such a brute force may cause the system to exhaust its
> > > resources...)
> >
> > As a simple approach we can log failed login attempts. E.g. if there are
> > more than three failed login attempts in a minute, we can disable the
> > login for this user for some minutes.
> >
> > Michael
> > _______________________________________________
> > Phplogcon-dev mailing list
> > http://lists.adiscon.net/mailman/listinfo/phplogcon-dev
> >
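
The two throttling ideas in this thread (a sleep that grows with each wrong login up to 30 seconds, and disabling a user's login after more than three failures in a minute), sketched in PHP as an added example; it is not phpLogCon code and not written by the posters. The class name, the in-memory storage, the 50 ms starting delay, the doubling rule and the 5-minute lockout are assumptions.

```php
<?php
// Added example, not phpLogCon code. State lives in memory for illustration;
// a real deployment would persist it (for example in the users table).
const WINDOW_SECONDS  = 60;     // "in a minute" (from the thread)
const MAX_FAILURES    = 3;      // lock on "more than three" failures
const LOCKOUT_SECONDS = 300;    // "some minutes": assumed 5 minutes
const BASE_DELAY_MS   = 50;     // "a few ms": assumed starting delay
const MAX_DELAY_MS    = 30000;  // "up to 30 seconds" (from the thread)

final class LoginThrottle       // hypothetical class name
{
    private array $failures = [];     // user => list of failure timestamps
    private array $lockedUntil = [];  // user => unix time the lock expires

    public function isLocked(string $user, int $now): bool
    {
        return ($this->lockedUntil[$user] ?? 0) > $now;
    }

    // Record one failed login and return the tarpit delay in milliseconds.
    public function recordFailure(string $user, int $now): int
    {
        $recent = array_filter(
            $this->failures[$user] ?? [],
            fn (int $t): bool => $t > $now - WINDOW_SECONDS
        );
        $recent[] = $now;
        $this->failures[$user] = array_values($recent);
        $count = count($recent);
        if ($count > MAX_FAILURES) {
            $this->lockedUntil[$user] = $now + LOCKOUT_SECONDS;
        }
        // Double the delay per failure in the window, capped at MAX_DELAY_MS.
        return min(BASE_DELAY_MS * 2 ** min($count - 1, 10), MAX_DELAY_MS);
    }
}

// Constructed sequence: five wrong logins for one user, five seconds apart.
$throttle = new LoginThrottle();
$start = 1133972585;  // constructed timestamp
foreach ([0, 5, 10, 15, 20] as $offset) {
    $now = $start + $offset;
    if ($throttle->isLocked('alice', $now)) {
        echo "t+{$offset}s: login disabled, password not checked\n";
        continue;
    }
    $delayMs = $throttle->recordFailure('alice', $now);
    usleep($delayMs * 1000);  // sleep() only takes whole seconds
    echo "t+{$offset}s: wrong password, replied after {$delayMs} ms\n";
}
```

A sleeping request still holds a web server worker for the whole delay, so the lockout check runs before any delay is applied and the delay is capped.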


