dongmu9253 2013-12-24 23:33
Views: 153
Accepted

Setting a timer between invalid logins

I have a finishing touch for my login form and want to set a 2 second timer in between invalid logins.

I had two different ideas, one would be to set a cookie that expired in X amount of seconds. Then on login, check if there is a cookie set.

I am not sure however if a user can refuse to let a website set a cookie? So this could be got around.

The second idea is new DB table with the fields 'IP' and the time of invalid login.

On invalid login, a field would be created with the user's IP and then the time. Upon logging in I would check this table for a matching IP and if the login time is less than X amount of seconds it is refused.

But this could be also got around using IP proxies etc?

The aim of doing this would be to prevent DDOS brute force attacks, and I'm guessing someone trying to do this would be quite aware of how to fake an IP / disallow cookies.

What is the best way for this?


3 answers

  • dongpaozhi5734 2013-12-24 23:45

    DDOS has nothing to do with it. DDOS = Distributed denial of service, it means someone will trigger a lot of computers to ask for a service in your website and your server won't be able to handle the load. This will prevent your server from giving a service to "honest" users and that's why it's called "denial of service".

    Preventing DDOS attacks can be tricky. The only way of handling it is not providing a service to certain IPs or users with IPs from the areas you're being attacked from.

    If you want to protect your site from brute force attack (assuming someone wants to hack into a user account) you should:

    1. Use a good and well secured login system. That means, using a good hashing function and salting the users' passwords.
    2. Use your second option - record the IP of a user who failed to access his account and don't let him try for 2-3 seconds. If he fails 2-3 more times, block him for 15 minutes, this will be enough time to protect your users' accounts.
    This answer was selected by the asker as the best answer.
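The two points of the accepted answer, worked into runnable code as an added example (this is not code from the question or the answer). It assumes PBKDF2-HMAC-SHA256 with a random per-user salt for point 1, and an in-memory dictionary standing in for the question's "failed logins" table for point 2, with the answer's numbers: a 2-second wait after each failure and a 15-minute lock after three further failures. The `ip:`/`user:` key prefixes, the `FakeClock`, the sample user and the IP address are all constructed for the demonstration.

```python
import hashlib
import hmac
import os
import time
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Tuple

# Policy values taken from the answer: a short delay after every failed
# login, and a 15-minute lock once the failures keep coming.
RETRY_DELAY = 2.0        # seconds a client must wait after a failed attempt
MAX_FAILURES = 4         # one initial failure plus three more
LOCKOUT = 15 * 60        # seconds a key stays locked after MAX_FAILURES
PBKDF2_ROUNDS = 200_000  # assumed work factor; tune for your hardware


def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Point 1 of the answer: per-user random salt plus a slow hash."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ROUNDS)
    return salt, digest


def verify_password(password: str, salt: bytes, digest: bytes) -> bool:
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ROUNDS)
    return hmac.compare_digest(candidate, digest)  # constant-time comparison


# Hashed for unknown usernames so a wrong name costs the same time as a wrong password.
DUMMY_RECORD = hash_password(os.urandom(16).hex())


@dataclass
class FailureRecord:
    count: int = 0
    last_failure: float = 0.0
    locked_until: float = 0.0


class LoginThrottle:
    """In-memory stand-in for the failed-logins table proposed in the question.

    Rows are keyed by a string, so one table holds both IP-keyed and
    account-keyed rows. The clock is injectable so the policy can be tested.
    """

    def __init__(self, clock: Callable[[], float] = time.time) -> None:
        self.clock = clock
        self.records: Dict[str, FailureRecord] = {}

    def wait_seconds(self, key: str) -> float:
        """Seconds the caller must still wait before trying again (0 = allowed)."""
        rec = self.records.get(key)
        if rec is None:
            return 0.0
        now = self.clock()
        if now < rec.locked_until:
            return rec.locked_until - now
        since_last = now - rec.last_failure
        return RETRY_DELAY - since_last if since_last < RETRY_DELAY else 0.0

    def record_failure(self, key: str) -> None:
        rec = self.records.setdefault(key, FailureRecord())
        now = self.clock()
        if now - rec.last_failure > LOCKOUT:  # forget failures older than one lock period
            rec.count = 0
        rec.count += 1
        rec.last_failure = now
        if rec.count >= MAX_FAILURES:
            rec.locked_until = now + LOCKOUT

    def record_success(self, key: str) -> None:
        self.records.pop(key, None)


def attempt_login(users: Dict[str, Tuple[bytes, bytes]], throttle: LoginThrottle,
                  ip: str, username: str, password: str) -> str:
    """Returns 'throttled', 'invalid' or 'ok'. Throttled requests are refused
    before any hashing, so they cost the server almost nothing."""
    keys = [f"ip:{ip}", f"user:{username}"]  # both keys: a new proxy alone is not enough
    if max(throttle.wait_seconds(k) for k in keys) > 0:
        return "throttled"
    ok = verify_password(password, *users.get(username, DUMMY_RECORD)) and username in users
    for k in keys:
        throttle.record_success(k) if ok else throttle.record_failure(k)
    return "ok" if ok else "invalid"


class FakeClock:
    """Constructed clock so the scenario runs instantly and deterministically."""

    def __init__(self, start: float = 1000.0) -> None:
        self.now = start

    def __call__(self) -> float:
        return self.now


def run_scenario() -> List[str]:
    clock = FakeClock()
    throttle = LoginThrottle(clock)
    users = {"alice": hash_password("correct horse battery")}  # constructed test user
    plan = [  # (seconds to advance, password tried)
        (0, "wrong1"),                    # first failure: 2-second delay starts
        (1, "correct horse battery"),     # too soon: throttled although the password is right
        (2, "wrong2"),                    # failures 2, 3 and 4 ...
        (3, "wrong3"),
        (3, "wrong4"),                    # ... the fourth failure locks both keys for 15 minutes
        (3, "correct horse battery"),     # still locked
        (898, "correct horse battery"),   # lock expired: succeeds and clears the records
    ]
    results = []
    for delta, pw in plan:
        clock.now += delta
        results.append(attempt_login(users, throttle, "203.0.113.7", "alice", pw))
    return results


if __name__ == "__main__":
    print(run_scenario())
```

Throttling on the account name as well as the IP answers the question's worry about proxies: changing the source address does not reset the account's counter. The trade-off is that anyone who knows a username can trigger its 15-minute lock, which is why the lock is bounded rather than permanent and why the short 2-second delay does most of the work against a single source.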
