Old 10-01-2002, 02:53 AM  
woj
<&(©¿©)&>
 
Join Date: Jul 2002
Location: Chicago
Posts: 47,882
For every smart webmaster, there is an even smarter cracker. What's stopping the cracker from checking the actual HTML produced, instead of the response code?

The obvious solution to prevent brute force would be to "block" the IP and/or username after X unsuccessful attempts. Even if the cracker has access to 1000s of proxies, it will make his job more difficult, especially if he doesn't know that his IP and/or username is getting "blocked."

The other solution is to display a random error page each time an incorrect password is provided. This will make detecting whether the password is correct or not more difficult.

There are of course many other methods that can be used to protect from brute forcing, but if the cracker knows which protection method is used, he/she can usually go around it.
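The lockout described in the post above, sketched as an added example that is not part of the original post: failures are counted per IP and per username, and once either reaches the limit every attempt gets the same failure response, so the client cannot tell it is blocked. The class name, the limit and window defaults, and the `verify` callback are assumptions.

```python
import time
from collections import defaultdict, deque


class SilentLoginThrottle:
    """Per-IP and per-username failure counter with a silent lockout."""

    def __init__(self, verify, max_failures=5, window=900, clock=time.monotonic):
        self._verify = verify          # callable(username, password) -> bool
        self._max = max_failures       # the post's "X"; 5 is an assumed default
        self._window = window          # seconds a failure counts for (assumed)
        self._clock = clock
        self._failures = defaultdict(deque)

    def _recent(self, key, now):
        # Drop failures older than the window, then count what is left.
        q = self._failures[key]
        while q and now - q[0] > self._window:
            q.popleft()
        return len(q)

    def attempt(self, ip, username, password):
        now = self._clock()
        keys = (("ip", ip), ("user", username))
        blocked = any(self._recent(k, now) >= self._max for k in keys)
        # Always run the password check so a blocked request costs the same.
        valid = self._verify(username, password)
        if valid and not blocked:
            return "OK"
        # Blocked and wrong-password attempts look identical to the client,
        # and attempts made while blocked keep extending the block.
        for k in keys:
            self._failures[k].append(now)
        return "FAIL"


if __name__ == "__main__":
    # Constructed demo account and documentation-range IP address.
    demo = SilentLoginThrottle(lambda u, p: (u, p) == ("alice", "s3cret"),
                               max_failures=3)
    for guess in ("a", "b", "c", "s3cret"):
        print(guess, demo.attempt("203.0.113.5", "alice", guess))
```

Counting by username as well as IP means anyone can lock a legitimate user out by guessing against that name, which is why the failures here expire after a window instead of blocking permanently.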