Possible solution to brute force password hacking our member area's (code inside) - Page 2 - GoFuckYourself.com

cat · 11-15-2002, 03:02 AM

hi Boys,

Boldy is ill, he soon will be back again.

Backov · 11-15-2002, 03:20 AM

Quote:

Originally posted by Dragon Curve

Uhm, I'd like to see on their page where it says they use a database of proxies.

http://www.proxypass.com/ppass.php?page=solutions

Reading est good. Comprehending is better.

strainer · 11-15-2002, 09:02 AM

Quote:

Originally posted by Dragon Curve

Note that that won't give you a 10%. For all you know you could get RandomValue equaling 10 every single time. Unlikely, but possible. Doesn't really matter tho.

Actually it does work perfectly; I have tested it. Once seeded and started, a proper working random generator like this will indeed produce a 10 almost precisely 10% of the time.

That doesn't mean that SOMETIMES you won't get 2 10's in a row, but after a million runs you will have 100,000 10's, evenly distributed across the bell curve.

boldy · 11-15-2002, 11:38 AM

Nice stuff guys! Ill implement the 10% thingie to ...

PxG · 11-15-2002, 12:51 PM

Quote:

Originally posted by Dragon Curve
ProxyPass - doesn't sound like a very good idea to me. Obviously this will be checking for open 80/8080/1080 or what not ports on the incoming host. This poses many problems. For starters, clearly you need a timeout to verify the ports are open/closed. This will drastically slow down your response time for servers which I wouldn't consider a good thing AT ALL especially in this industry.

Secondly, if it were just open ports, then that's a very poor method of checking if the server is an open proxy (I doubt it would be done like this). Some sort of verification (especially for port 80) would have to be done - again, taking x amount of time to do.

"(4) Detection and denial of requests from multiple (non-proxy) IP addresses sending high numbers of unsuccessful authentication requests for the same username. This implies a distributed network attack."

I would very much like to know how you could ever possibly hope to protect against something like that and not give users downtime.

"In addition, the authentication portions of Apache were written in relatively poor manner. "

I'd like to see info that could back that up =P

There is no real protection against brute force attacks like this that I can see that will guarantee your users uptime.

Please Get Educated about our product. Here's a link to oue technical FAQ:!
http://www.proxypass.com/docs/proxypass_tech_faq.pdf

Best regards,
PxG

boldy · 12-08-2002, 04:06 AM

For those who are interested i've add that 10% thingie to my 401.php

http://www.kimhollandcash.com/401.txt

goBigtime · 12-08-2002, 04:13 AM

For bruteforce protection/deterrance we use MemLogin
(available from PaysitePowertools.com )

and use Iprotect (an apache module) for password abuse - though iprotect doesn't help much against proxy based attacks.

Memlogin basically hides the real members URL from everyone except you & your members. If you set things up properly you won't ever be bothered by bruteforce traffic spikes again =]

boldy · 02-10-2003, 05:26 PM

*bruteforce night bump*

11-15-2002, 11:38 AM	#54
boldy Macdaddy coder Industry Role: Join Date: Feb 2002 Location: MacDaddy pimp coder Posts: 2,806	Nice stuff guys! Ill implement the 10% thingie to ... __________________ MacDaddy Coder.

12-08-2002, 04:06 AM	#56
boldy Macdaddy coder Industry Role: Join Date: Feb 2002 Location: MacDaddy pimp coder Posts: 2,806	For those who are interested i've add that 10% thingie to my 401.php http://www.kimhollandcash.com/401.txt __________________ MacDaddy Coder.

12-08-2002, 04:13 AM	#57
goBigtime Confirmed User Join Date: Nov 2002 Posts: 7,761	For bruteforce protection/deterrance we use MemLogin (available from PaysitePowertools.com ) and use Iprotect (an apache module) for password abuse - though iprotect doesn't help much against proxy based attacks. Memlogin basically hides the real members URL from everyone except you & your members. If you set things up properly you won't ever be bothered by bruteforce traffic spikes again =] Last edited by goBigtime; 12-08-2002 at 04:14 AM..

02-10-2003, 05:26 PM	#58
boldy Macdaddy coder Industry Role: Join Date: Feb 2002 Location: MacDaddy pimp coder Posts: 2,806	bruteforce night bump __________________ MacDaddy Coder.

11-15-2002, 03:02 AM	#51
cat Registered User Join Date: Feb 2002 Location: europe Posts: 493	hi Boys, Boldy is ill, he soon will be back again.