在不正确的登录之间设置计时器

i have a finishing touch for my login form and want to set a 2 second timer in between invalid logins.

I had two different ideas, one would be to set a cookie that expired in X amount of seconds. Then on login, check if there is a cookie set.

I am not sure however if a user can refuse to let a website set a cookie? So this could be got around.

The second idea is new DB table with the fields 'IP' and the time of invalid login.

On invalid login, a field would be created with the users IP and then the time. Upon logging in i would check this table for a matching ip and if the login time is less than X amount of seconds it is refused.

But this could be also got around using IP proxies etc?

The aim of doing this would be to prevent DDOS brute force attacks, and im guessing someone trying to do this would be quite aware of how to fake an IP / disallow cookies.

What is the best way for this?

写回答
好问题 0 提建议
追加酬金
关注问题
分享
邀请回答
编辑收藏删除结题
收藏举报

3条回答默认最新

关注

码龄粉丝数原力等级 --

被采纳

被点赞

采纳率
dongpaozhi5734 2013-12-24 23:45
关注
DDOS has nothing to do with it. DDOS = Distributed denial of service, it means someone will trigger a lot of computers to ask for a service in your website and your server won't be able to handle the load. This will prevent your server to give a service for "honest" users and that's why it's called "denial of service".

Preventing DDOS attacks can be tricky. The only way of handling it, is not providing a service to certain IP's or users with IPs from the areas you're being attacked from.

If you want to protect your site from brute force attack (assuming someone wants to hack into a user account) you should:

Use a good and well secured logging system. That means, using a good hashing function and salting the users passwords.

Use your second option - record the IP of a user who failed to access his account and don't let him try for 2-3 seconds. If he fails 2-3 more times, block him for 15 minutes, this will be enough time to protect your users accounts.
本回答被题主选为最佳回答 , 对您是否有帮助呢?

解决无用
评论打赏
分享
举报

评论

按下Enter换行，Ctrl+Enter发表内容

查看更多回答(2条)

报告相同问题？

关注问题

在不正确的登录之间设置计时器 php
2013-12-24 23:33

回答 3 已采纳 DDOS has nothing to do with it. DDOS = Distributed denial of service, it means someone will trigge
从php设置setInterval计时器 javascript jquery php
2016-01-31 18:27

回答 1 已采纳 I would do the following var animationTime = <?php echo $row['animTIME']; ?>; //etc... setI
PHP / Javascript倒计时计时器脚本 html javascript php
2018-11-14 01:30

回答 2 已采纳 This is not valid javascript, which is why you are getting a syntax error: var m = <? echo "$m
PHP redis 计时器,redis示例 - 限速器,计时器
2021-05-08 16:39

echo in的博客限速器的典型用法是限制公开 API 的请求次数，以下是一个限速器实现示例，它将 API 的最大请求数限制在每个 IP 地址每秒钟十个之内：FUNCTION LIMIT_API_CALL(ip)ts = CURRENT_UNIX_TIME()keyname = ip+":"+...
如何使用PHP显示计时器？ jquery php
2018-08-09 13:06

回答 2 已采纳 There is two notes on your code :- -If you want to convert a variable from php to javascript you s
多个倒计时器不在单页上工作 php
2015-09-15 06:07

回答 1 已采纳 onload is only supported on the following elements you can do something like this: <?php whil
使用js和php设置并显示表单的倒数计时器 javascript php
2013-10-30 07:51

回答 1 已采纳 Consider using a database for this or some kind of server-side check. When the student opens the t
php进程之间通信,PHP进程通信-进程信号
2021-03-17 22:26

肾病专家卢志远的博客因为我司的项目是运行在容器里边的，每次上线，需要重新打包镜像，然后启动。在重新打包之前，Dokcer会先给容器发送一个信号，然后等待一段超时时间(默认10s)后，再发送SIGKILL信号来终止容器。现在有一种情况，容器...
每次页面刷新时在计数器计时器中显示正确的时间 javascript mysql php
2015-05-09 18:01

回答 2 已采纳 You should use only seconds for a counter so it is easier to manage, anyway I have made this which
PHP / Javascript在2次之间创建倒计时 javascript php
2015-05-04 13:29

回答 2 已采纳 I have just finished in javascript, but the code seems a little long. html: <div id="process"&
php中嵌入js的计时器 php
2021-02-03 15:17

回答 3 已采纳登录时把登录时间存用户表里，做定时任务，每分钟执行一次，计算时间戳的差值，如果是3600秒的整数倍，就执行弹窗提醒程序。这个方法适合会员量不是太大的情况，如果会员比较多，可以试试Swoole的webs
php停车场计时收费软件,城市街道停车计时收费系统路边停车收费软件
2021-04-29 08:33

疯癫的A兵者的博客 1 消费方式系统支持2种消费模式：包月消费可以为办理月卡的车主用户开通月卡功能，提前录入到系统，在有效期内可在运营路段不限时停放车辆。计时消费即是计时消费。两种消费可以混合使用，可以设置进车预扣金额，可...
php怎么实现动态添加倒计时功能？ php
2022-11-11 11:15

回答 2 已采纳 <?php date_default_timezone_set("PRC"); ?> //获取当前系统时间 <?php $time=time();
controlpass的意思在PHP,php易错笔记-流程控制，函数
2021-04-12 21:01

马卡斯·扬的博客流程控制PHP 提供了一些流程控制的替代语法，包括 if，while，for，foreach 和 switch。替代语法的基本形式是把左花...Note: 不支持在同一个控制块内混合使用两种语法。特别注意：switch 和第一个 case 之间的任何输...
php 继承父类使用子类,在PHP中使用来实现子类和父类之间的继承。
2021-03-18 22:21

AnthropicAI的博客在PHP中使用来实现子类和父类之间的继承。更多相关问题在迄今为止的工业社会,相对于其他要素来说,知识是最为重要也是最为稀缺的。人们要成为现实的旅游者必须具有旅游动机足够的可以自由支配收入和足够的闲暇时间...
没有解决我的问题, 去提问

悬赏问题

¥15 乘性高斯噪声在深度学习网络中的应用
¥15 运筹学排序问题中的在线排序
¥15 关于docker部署flink集成hadoop的yarn，请教个问题 flink启动yarn-session.sh连不上hadoop，这个整了好几天一直不行，求帮忙看一下怎么解决
¥30 求一段fortran代码用IVF编译运行的结果
¥15 深度学习根据CNN网络模型，搭建BP模型并训练MNIST数据集
¥15 C++ 头文件/宏冲突问题解决
¥15 用comsol模拟大气湍流通过底部加热（温度不同）的腔体
¥50 安卓adb backup备份子用户应用数据失败
¥20 有人能用聚类分析帮我分析一下文本内容嘛
¥30 python代码，帮调试，帮帮忙吧

在不正确的登录之间设置计时器

3条回答 默认 最新

悬赏问题

3条回答默认最新