I know the theory behind it; I just don't know how to implement it in CFML. It might be deployed in Jelastic cloud, so I can't be certain that I'll have access to a firewall to interact with.
On Jan 2, 11:30 pm, "Peter J. Farrell" <[email protected]> wrote:
> It's pretty simple to do; however, there are firewall products that do
> just that as well.
>
> Use a DB table with the following columns:
>
> * IP
> * Bad_Attempts
> * Last_Timestamp
>
> Increase the bad attempts when that occurs and make a new timestamp. If
> the bad attempts reach a threshold of 10 within X number of
> minutes/hours, then start blocking. When the blocking time period ends,
> clear the bad attempts to 0.
>
> HTH,
> .pjf
>
> Trenatos said the following on 01/02/2012 10:48 PM:
>
> > I'm building a custom classifieds system, and am using a simple 4
> > digit password that's generated and saved with each ad (It's random
> > for each ad).
> >
> > One of the things I want to implement is a way to lock out people
> > trying to hack the passwords.
> >
> > Two things come to mind, the first being bruteforcing (Such as using
> > Hydra), so possibly looking for and lock out a user that makes more
> > than 2 calls per second to the remove-ad page.
> >
> > As well as look for and lock out someone with more than 10 wrong
> > password attempts for the same ad.
> >
> > I have no idea where to start with this using OpenBD and CFML, so if
> > anyone has any pointers I'd be more than happy to hear it.
>
> --
> Peter J. Farrell
> [email protected]
> [email protected]
> http://blog.maestropublishing.com
> Identi.ca / Twitter: @maestrofjp
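Added example, not part of the thread and not OpenBD's own code: a CFML component implementing the table-based lockout described in the quoted reply. The columns and the threshold of 10 come from the thread; the component name, the datasource `classifieds`, the table name `ad_lockout` (assumed to already exist with those three columns) and the 15-minute window are assumptions.

```cfml
<!--- LockoutGuard.cfc: added example; datasource, table and window are assumed names/values --->
<cfcomponent output="false">
  <cfset variables.dsn = "classifieds">   <!--- assumed datasource name --->
  <cfset variables.maxAttempts = 10>      <!--- threshold from the thread --->
  <cfset variables.windowMinutes = 15>    <!--- the thread's "X" minutes; assumed value --->
  <cffunction name="getRow" access="private" returntype="query" output="false">
    <cfargument name="ip" type="string" required="true">
    <cfset var q = "">
    <cfquery name="q" datasource="#variables.dsn#">
      SELECT Bad_Attempts, Last_Timestamp FROM ad_lockout
      WHERE IP = <cfqueryparam value="#arguments.ip#" cfsqltype="cf_sql_varchar">
    </cfquery>
    <cfreturn q>
  </cffunction>
  <cffunction name="isBlocked" access="public" returntype="boolean" output="false">
    <cfargument name="ip" type="string" required="true">
    <cfset var q = getRow(arguments.ip)>
    <cfif q.recordCount EQ 0><cfreturn false></cfif>
    <!--- blocked only while the last failure is still inside the window --->
    <cfreturn q.Bad_Attempts GTE variables.maxAttempts
              AND dateDiff("n", q.Last_Timestamp, now()) LT variables.windowMinutes>
  </cffunction>
  <cffunction name="recordFailure" access="public" returntype="void" output="false">
    <cfargument name="ip" type="string" required="true">
    <cfset var q = "">
    <cfset var n = 1>
    <cflock name="lockout-#arguments.ip#" type="exclusive" timeout="5">
      <cfset q = getRow(arguments.ip)>
      <cfif q.recordCount EQ 0>
        <cfquery datasource="#variables.dsn#">
          INSERT INTO ad_lockout (IP, Bad_Attempts, Last_Timestamp)
          VALUES (<cfqueryparam value="#arguments.ip#" cfsqltype="cf_sql_varchar">, 1,
                  <cfqueryparam value="#now()#" cfsqltype="cf_sql_timestamp">)
        </cfquery>
      <cfelse>
        <!--- window expired: the old count is cleared and this failure counts as 1 --->
        <cfif dateDiff("n", q.Last_Timestamp, now()) LT variables.windowMinutes>
          <cfset n = q.Bad_Attempts + 1>
        </cfif>
        <cfquery datasource="#variables.dsn#">
          UPDATE ad_lockout
          SET Bad_Attempts = <cfqueryparam value="#n#" cfsqltype="cf_sql_integer">,
              Last_Timestamp = <cfqueryparam value="#now()#" cfsqltype="cf_sql_timestamp">
          WHERE IP = <cfqueryparam value="#arguments.ip#" cfsqltype="cf_sql_varchar">
        </cfquery>
      </cfif>
    </cflock>
  </cffunction>
</cfcomponent>
```

In the remove-ad handler, call `isBlocked(cgi.remote_addr)` before comparing the password and `recordFailure(cgi.remote_addr)` after a wrong one, so a blocked client never advances the timestamp and the block expires on its own. If the application sits behind a load balancer or reverse proxy, `cgi.remote_addr` is the proxy's address and every client would share one counter.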
