Password crackers (as they are called) use software that tries thousands of logins per second across hundreds of compromised machines across the Internet.
Custom login mechanisms work great to thwart this and should only take an experienced programmer under an hour to implement.
In short what you do is set a cookie upon a successful user/pass. The cookie is based on something that is secret and also not reversible.
Here is some example pseudo-code (written out as PHP):
$hash = md5($_SERVER['REMOTE_ADDR'] . date('Y-m-d') . date('H') . 'secretstring'); // IP + date + hour + secret
if (isset($_COOKIE['auth']) && $_COOKIE['auth'] === $hash) { /* let them in */ }
elseif (isGood($user, $pass)) { setcookie('auth', $hash); } // isGood() is your own user/pass check
You will also want to check the previous HOUR and reset the cookie if they cross over an hour boundary.
This technique is extremely simple to implement. 10-20 lines of PHP depending on how fancy you want to be. Each person has a different IP so it is only valid for them. Also, each cookie is only valid for an hour so even if someone did spend hours cracking the password what good would it be because it is already expired. The secret string is what is known as a "salt". This prevents people from being able to recreate the hash even if the algorithm is known because the salt is secret. After all that we md5 the result because you cannot easily go from an md5 back to what it was.
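The scheme sketched above, including the previous-hour check, as an added example that is not the poster's code. It keeps the poster's design (token derived from client IP, the current hour and a server-side secret, accepted for the current or previous hour, reissued when the hour rolls over) but computes the token with hash_hmac() over the IP and hour bucket instead of md5() of a concatenated string; that swap is mine. The $secret value, the cookie name "auth", the $credentialsOk callable standing in for the poster's isGood(), and the sample inputs in the CLI block are all assumptions made for this example.

```php
<?php
// Added example, not the original poster's code. Implements the hour-bucketed
// login cookie described in the post: IP + hour bucket keyed with a secret.

// Token for one client IP in the hour bucket that contains $timestamp.
// Assumption: hash_hmac() is used here instead of the post's md5() concatenation.
function auth_token(string $ip, int $timestamp, string $secret): string
{
    $bucket = gmdate('Y-m-d H', $timestamp);          // changes once per hour
    return hash_hmac('sha256', $ip . '|' . $bucket, $secret);
}

// A presented cookie is valid if it matches the current hour's token or the
// previous hour's token, so a login at 10:59 is not dropped at 11:00.
function token_is_valid(string $cookie, string $ip, int $now, string $secret): bool
{
    $current  = auth_token($ip, $now, $secret);
    $previous = auth_token($ip, $now - 3600, $secret);
    return hash_equals($current, $cookie) || hash_equals($previous, $cookie);
}

// One request. Returns ['ok' => bool, 'set_cookie' => ?string]; the caller
// sends the cookie with setcookie() so this function stays side-effect free.
// $credentialsOk is a callable(string $user, string $pass): bool, standing in
// for the poster's isGood() (assumed).
function handle_request(
    array $cookies, string $ip, ?string $user, ?string $pass,
    string $secret, callable $credentialsOk, ?int $now = null
): array {
    $now    = $now ?? time();
    $cookie = $cookies['auth'] ?? '';
    $fresh  = auth_token($ip, $now, $secret);

    if ($cookie !== '' && token_is_valid($cookie, $ip, $now, $secret)) {
        // Still the same hour: nothing to reissue. Crossed into a new hour:
        // hand out the current hour's token so the session keeps rolling.
        $reissue = hash_equals($fresh, $cookie) ? null : $fresh;
        return ['ok' => true, 'set_cookie' => $reissue];
    }

    if ($user !== null && $pass !== null && $credentialsOk($user, $pass)) {
        return ['ok' => true, 'set_cookie' => $fresh];   // successful user/pass
    }

    return ['ok' => false, 'set_cookie' => null];
}

// Small CLI walk-through with constructed inputs (assumed values).
if (PHP_SAPI === 'cli') {
    $secret = 'example-secret-change-me';              // assumed config value
    $ip     = '203.0.113.10';                          // documentation address
    $t0     = gmmktime(10, 59, 0, 1, 15, 2024);         // 10:59 UTC
    $ok     = fn(string $u, string $p): bool => $u === 'alice' && $p === 'correct horse';

    // 1. No cookie, good credentials: token for the 10:00 bucket is issued.
    $r1 = handle_request([], $ip, 'alice', 'correct horse', $secret, $ok, $t0);
    echo "login: ", $r1['ok'] ? 'ok' : 'denied', "\n";

    // 2. Same cookie presented at 11:00: accepted via previous-hour check and reissued.
    $r2 = handle_request(['auth' => $r1['set_cookie']], $ip, null, null, $secret, $ok, $t0 + 60);
    echo "after hour boundary: ", $r2['ok'] ? 'ok' : 'denied',
         $r2['set_cookie'] !== null ? ' (cookie reissued)' : '', "\n";

    // 3. Same cookie presented at 12:00: two buckets old, so it is expired.
    $r3 = handle_request(['auth' => $r1['set_cookie']], $ip, null, null, $secret, $ok, $t0 + 3660);
    echo "two hours later: ", $r3['ok'] ? 'ok' : 'denied', "\n";

    // 4. Same cookie from a different IP: token does not match.
    $r4 = handle_request(['auth' => $r1['set_cookie']], '198.51.100.7', null, null, $secret, $ok, $t0);
    echo "other IP: ", $r4['ok'] ? 'ok' : 'denied', "\n";
}
```

In a real handler the caller passes $_COOKIE, $_SERVER['REMOTE_ADDR'] and the posted user/pass, and when 'set_cookie' is non-null calls setcookie('auth', $value, ['httponly' => true, 'secure' => true, 'samesite' => 'Strict']). Accepting the previous bucket gives a grace window of at most one hour after the boundary, which is the "check the previous HOUR" step from the post; anything older than that is rejected without a fresh login.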
I hate to say anything negative about other companies but a lot of their "solutions" are really just snake oil. The above solution is MUCH cheaper and MUCH more effective.
There are ways around captchas now (OCR or captcha farms/sweat shops).
Having a custom form makes it so that the people writing cracking software need to customize their software to your site. The vast majority of crackers are "script kiddies" that don't know how to program. They only use the tools that exist.
__________________
Adult Software Solutions (ICQ 559884738)
PHP, MySQL, Flash, Actionscript, Java, Wowza, CMS, Tube, VOD, CRM, Dating, Social Networks, Paysites, TGPs, Directories and more.
If you can think it I can build it.