What to do when people don't stop trying to get into your member area by guessing user/passwords?

**Porko** · 08-20-2010, 02:58 PM

Strongbox is fantastic. Send an email to these guys, they will give you some tips.

**notime** · 08-20-2010, 03:00 PM

Spank them !

**scarlettcontent** · 08-20-2010, 03:01 PM

display a captcha.

**damnage** · 08-20-2010, 03:40 PM

Maybe a Vbulletin style login where if you get 5 tries before having to wait 15 mins?

**vano** · 08-20-2010, 03:42 PM

ban IP after 5 tries

**yal** · 08-21-2010, 12:34 AM

is there any alternative to strong box ?

**bja** · 08-21-2010, 12:37 AM

Originally posted by yal

is there any alternative to strong box ?

Any half-competent admin can properly configure a *nix box to keep up to date and use sane configurations.

**seeandsee** · 08-21-2010, 01:14 AM

Originally posted by MaDalton

53480 logins unsuccessful.
39141 different usernames tried to login from 1567 different IP ranges from 131 ISPs in 7 countries.

and this goes on since 3-4 days, thanks to Strongbox no one seemed to be successful so far.

can i make this stop somehow? it's annoying

who have such options and use it for hacking one pass?

**erooup** · 08-21-2010, 01:49 AM

You were most likely featured on a password sharing list. There wont come many sales out of it, but its still creating awareness of your site.

**Paul Markham** · 08-21-2010, 03:08 AM

Ask Ray at Strongbox, he will have the answer.

Other than consigning the email notifications straight to the Delete box, what's the problem?

**MaDalton** · 08-21-2010, 05:39 AM

Originally posted by Porko

Strongbox is fantastic. Send an email to these guys, they will give you some tips.

so far Strongbox is holding up good. but we also use 16 digit random user/password combinations, so all these attempts are pretty fruitless anyways

Originally posted by notime

Spank them !

i wish i could

Originally posted by scarlettcontent

display a captcha.

Strongbox does that

Originally posted by vano

ban IP after 5 tries

Strongbox does that

Originally posted by erooup

You were most likely featured on a password sharing list. There wont come many sales out of it, but its still creating awareness of your site.

so i should be thankful? ;)

Originally posted by Paul Markham

Ask Ray at Strongbox, he will have the answer.

Other than consigning the email notifications straight to the Delete box, what's the problem?

it's annoying me that i get hundreds of emails - lol

**~Ray** · 08-21-2010, 05:47 AM

Ask yourself this. How many attempts should I give a real member to remember and login to my website?

3? 5? 7? 10?

Well, once that ip reaches the limit you set, then bann that ip from your server.

Over time, the number of failed attempts will drop.

I am not Ray from strongbox

~Ray

**wizzart** · 08-21-2010, 06:22 AM

block IP if he try 5 times unsuccessful.

**woj** · 08-21-2010, 06:43 AM

50k requests is nothing, I wouldn't worry about it...

**ottopottomouse** · 08-21-2010, 06:50 AM

Move the login page if it just bashing away at you like someone has left a computer running with a set of lists.

**Ecchi22** · 08-21-2010, 06:55 AM

Originally posted by seeandsee

who have such options and use it for hacking one pass?

Its not very hard to spread a botnet to 2k machines ;)

**Stephen** · 08-21-2010, 07:35 AM

Originally posted by MaDalton

so i should be thankful? ;)

Maybe

I was once a fan of bogus paysites that were really free sites / affiliate site hubs...

Toss an htaccess / htpasswd gateway on it and add a number of logins, then share those logins on various boards (one each so you can track the source of your new visitors) and watch your visitor count climb.

This traffic can be traded or sold, but is also productive and often overlooked

**gleem** · 08-21-2010, 07:37 AM

use proxypass, it will ban the IP's trying to get in after a few attempts, has black list updated all the time with known Proxies that are used for brute force.

**gmr324** · 08-21-2010, 11:32 AM

is there any alternative to strong box ?

PhantomFrog is a very viable aletrnative to Strongbox. Frog offers the most accurate
password abuse detection available with our unique Hi-Res Geo-IP Tracking. Furthernore,
it provides 24/7 uninterrupted access to your members area for legit members and none
to hackers with our Automated Member Support (AMS) feature. This way, webmasters
can focus on more important work like site content and promotion rather than password
management and damage control.

Finally, Frog has Bruteforce Attack and Bandwidth Abuse Protection. Too many 401 errors
on an IP address, will get the IP address blocked if the IP address has been associated
with brute force, we remember/block the IP address.

Frog offers a Free Trial that installs easily. You don't have to disable any current pass
protection system you're currently using so you get a live side-by-side parallel comparison of the two systems.

To learn more about Phantom Frog or see our webmaster testimonials, click here

To install a Free Trial of PhantomFrog, click here

What to do when people don't stop trying to get into your member area by guessing user/passwords?

What to do when people don't stop trying to get into your member area by guessing user/passwords?

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment