Discussion Forum: Slow down brute force attackers on login.php - pHp-Fusion.Org

Oh no! Where's the JavaScript?
Your Web browser does not have JavaScript enabled or does not support JavaScript. Please enable JavaScript on your Web browser to properly view this Web site, or upgrade to a Web browser that does support JavaScript.

View Thread

pHp-Fusion.Org | Open Source PHP + MySQL Powered Website » PHP-Fusion v7 protection mods & tips » Modifications to protect your website

Keep spammers and bots out.

Slow down brute force attackers on login.php
Fusioneer	#1 Posted on 21-09-2012 16:18
Super Admin Posts: 64 Joined: 20-10-2011	This very simple mod uses the php sleep function. It slows down brute force attackers on login.php. The delay only occurs when a wrong user/pass combination is given. Correct login is not affected. Open login.php Find GeSHi: PHP `switch ($_GET['error']) Parsed in 0.022 seconds, using GeSHi 1.0.8.10` Directly below you wil find GeSHi: PHP `case 1: echo $locale['global_196']; break; Parsed in 0.009 seconds, using GeSHi 1.0.8.10` Now you can do two things 1 step modification or a two step modification 1 step modification: GeSHi: PHP `case 1: echo $locale['global_196']; echo "You had to wait 15 seconds because your login was incorrect."; sleep(15); // mod Wanabo break; Parsed in 0.009 seconds, using GeSHi 1.0.8.10` 2 step modification: GeSHi: PHP `case 1: echo $locale['global_196']; echo $locale['wanabo_010']; sleep(15); // mod Wanabo break; Parsed in 0.008 seconds, using GeSHi 1.0.8.10` and add to locale\English\global.php just before ?> at the end of the file: GeSHi: PHP `$locale['wanabo_010'] = "You had to wait 15 seconds because your login was incorrect."; Parsed in 0.008 seconds, using GeSHi 1.0.8.10` Because I administer several websites with different languages I opted for the 2 step modification. And put the correct translation in the corresponding global.php language folder. This makes bulk updates easier. Warning about ParkingCrew.com! Case: ParkingCrew.com acquires NameDrive.com but earnings are not transferred despite assurances and promises. Inquiries about this are ignored! It's just a con compagny. Don't do business with them!

Jump to Forum

Use BBcode or HTML to refer to; 'Slow down brute force attackers on login.php'

BBcode:
HTML: