Author block one user if use always same file
antony

2007-04-09, 9:57 pm

If in a file there is a form with a login,
and one user uses it in ten minutes every time (he does not know the username and
password and does a DoS attack),
is it possible to stop that IP for x minutes?
Or insert the IP in a blacklist?
antony

2007-04-09, 9:57 pm

Is an htaccess file necessary?
Colin McKinnon

2007-04-09, 9:57 pm

antony wrote:

> If in a file there is a form with a login,
> and one user uses it in ten minutes every time (he does not know the username and
> password and does a DoS attack),
> is it possible to stop that IP for x minutes?
> Or insert the IP in a blacklist?


If you try tarpitting in your own code ...

    // Both branches hold the request for 20 seconds before answering.
    if (!valid($_REQUEST['password'], $_REQUEST['username'])) {
        sleep(20);
        invalid_response();
    } else {
        sleep(20);
        valid_response();
    }

You'll provide the attacker with a mechanism for carrying out an easy denial
of service attack against your site.

Using the source IP may not give you a true picture of what's going on -
most ISPs will now use (often transparent) proxying (so multiple
customers can appear to have the same origin address) and some will do
load balancing across multiple servers (so one customer appears to have
multiple origin addresses). It's probably not going to be a good idea to
give your PHP enough privileges to reconfigure the firewall directly. And
most firewalls won't be able to discriminate between different URLs.

The best solution is to use a captcha, which when authenticated provides a
cookie granting access to the login page (which then accepts a username and
password to authenticate the user). Have a think about why they should be
on separate pages.

HTH

C.
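
A non-blocking alternative to the sleep(20) tarpit discussed in the reply above, as an added example that is not part of the original thread: failed logins are counted per IP address and per username over a ten-minute window, and a blocked client is refused immediately instead of holding a server process. Written for PHP 8; the class name LoginThrottle, the limits and the in-memory array (a stand-in for shared storage such as a database) are assumptions.

```php
<?php
// Added example; names, limits (5 per 600 s) and in-memory store are assumptions.
final class LoginThrottle
{
    private array $failures = [];   // key => failure timestamps, oldest first
    public function __construct(private int $max = 5, private int $window = 600) {}

    // Seconds the client must wait, or 0 if an attempt is allowed now.
    public function retryAfter(string $ip, string $user, int $now): int
    {
        $wait = 0;
        foreach ($this->keys($ip, $user) as $key) {
            $recent = array_values(array_filter(
                $this->failures[$key] ?? [],
                fn (int $t): bool => $t > $now - $this->window
            ));
            $this->failures[$key] = $recent;
            $over = count($recent) - $this->max;
            if ($over >= 0) {   // blocked until enough failures age out
                $wait = max($wait, $recent[$over] + $this->window - $now);
            }
        }
        return $wait;
    }

    public function recordFailure(string $ip, string $user, int $now): void
    {
        foreach ($this->keys($ip, $user) as $key) {
            $this->failures[$key][] = $now;
        }
    }

    // Count per address and per account, since the IP alone is unreliable.
    private function keys(string $ip, string $user): array
    {
        return ['ip:' . $ip, 'user:' . strtolower($user)];
    }
}

// Constructed demo: six wrong passwords from one address, one second apart.
$throttle = new LoginThrottle();
for ($i = 0; $i < 6; $i++) {
    $now = 1176155820 + $i;   // constructed timestamp
    $wait = $throttle->retryAfter('203.0.113.7', 'alice', $now);
    if ($wait === 0) {
        $throttle->recordFailure('203.0.113.7', 'alice', $now);   // wrong password
    }
    echo $wait > 0 ? "blocked for {$wait}s\n" : "rejected\n";   // no sleep() either way
}
```

Counting per username means repeated wrong guesses also lock out the account's real owner for the rest of the window, so the limits need to be chosen with that in mind.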

Copyright 2008 codecomments.com