GoFuckYourself.com - Adult Webmaster Forum - View Single Post - Possible solution to brute force password hacking our member area's (code inside)

Dragon Curve · 11-14-2002, 05:17 AM

Not a bad solution, however first of all requires PHP to be installed and this will still cause large server load. Not only are you forking off an Apache but you're also running a PHP up as well.

The issue mainly with password brute forcing I think is the bandwidth/server load issue. What you really need is to find some way to block out the IPs that are executing failed requests. However this is problematic, considering there is no simple way to differentiate between attacker and user.

I can't think of any real PLAUSIBLE solution that will totally secure a server without causing downtime for the user.

11-14-2002, 05:17 AM
Dragon Curve Confirmed User Join Date: Oct 2002 Posts: 252	Not a bad solution, however first of all requires PHP to be installed and this will still cause large server load. Not only are you forking off an Apache but you're also running a PHP up as well. The issue mainly with password brute forcing I think is the bandwidth/server load issue. What you really need is to find some way to block out the IPs that are executing failed requests. However this is problematic, considering there is no simple way to differentiate between attacker and user. I can't think of any real PLAUSIBLE solution that will totally secure a server without causing downtime for the user.