|
Stop Brute Foce Attacks Without spending a dime 100% effective
Why spend money on programs like pennywise to prevent brute force attacks??? (well actually pennywise is free now but anyway)
All you need to know is how the brute force programs themselves work... Just place your members index page in a frame page that is NOT password protected. now make the top frame invisible opening a blank page (doesnt matter because your members cant see it) make the bottom page link to your members page which IS password protected. This will confuse the HELL out of the bruteforcing programs (they wont even get one attempt off) Next using java do not allow any right clicking, and hide your page source.... Thats it your site is now Brute force attack proof!!! Anyone who finds this information helpful say thank you in here (so i get the dvd player LMAO) and if you really like the info link to my site http://www.xxxorgygirls.com http://bbs.gofuckyourself.net/board/smile.gif [This message has been edited by Fridginator (edited 10-04-2001).] |
Interesting... but what's to prevent getting the url to the bottom page, loading it directly, and bypassing the frameset? (this alone does not pose unauthorized entrance to the protected area, but nullifys the frameset for bruteforce purposes)
|
thats the beauty of java baby!! just have a scrolling banner down there! and thats why first you hide your page source then they can get you sources of the frames secondly using java you put the scrolling text on the bottom and disable right clicking http://bbs.gofuckyourself.net/board/smile.gif
[This message has been edited by Fridginator (edited 10-04-2001).] |
??? You lost me... one way or another, you gotta have a doorway for members to go through... whatever that page is, I can find the url for it.... if the url for that entrance can be found, the frameset can be bypassed... how does a scrolling banner have anything to do with it? Am I missing something crucial in the formula...?
|
Ok as I said first your frameset will not be password protected. The top frame is to be invisible and loading a blank frame. The second (bottom) frame is to be linked to your members area. Now all the program/visitor sees is the frameset name not your members area url because that is just loading in a frame. Now there are only two ways a hacker can find out where your true members section is first is by opening the pages source. To avoid this there are java scripts/codes out there that hide the page source. The second is by right clicking on an image and find its url... thats why you forbid right clicking (again with java) The last way is by the hacker watching the bottom of the navigator to see where everything is loading from.... Stop this by using scrolling texts at the bottom of the frame page http://bbs.gofuckyourself.net/board/smile.gif
Hows that or should i create an example? |
I see what you're saying... I use scrolling text in my status bars as well, just to cover my blind links... but I haven't seen anything yet that can completely hide the source. Disabling "right click" only stops newbie surfers... not guys using bruteforce proggys. If you whip up a generic example, I promise I can find your url... http://bbs.gofuckyourself.net/board/wink.gif
|
check back in 10 minutes ill have it http://bbs.gofuckyourself.net/board/smile.gif
|
Ahhh... I love a good challenge... http://bbs.gofuckyourself.net/board/biggrin.gif
Anyone wanna place your bets? Now's the time.... http://bbs.gofuckyourself.net/board/wink.gif |
$10 on Amp
http://bbs.gofuckyourself.net/board/cool.gif |
Been away for a bit, but I had to reply to this http://bbs.gofuckyourself.net/board/wink.gif
Security through obscurity doesnt work. All I have to do is use a simple program which gets the url without displaying the html as html, but shows it as plain text. I then see your frame src tags. I then look at each one in turn and load each using the same program till I get a HTTP/1.0 401 Unauthorized response. Bam http://bbs.gofuckyourself.net/board/wink.gif Give me your main url I guarantee a way in in 5 minutes http://bbs.gofuckyourself.net/board/smile.gif. Sorry if I destroyed any illusions...security IS an illusion 99% of the time |
http://bbs.gofuckyourself.net/board/biggrin.gif ...and people keep telling me I'm out of my mind...
|
I must add though that this does make the crackers job harder - which perhaps makes it worth a go...every little counts.
|
Well, it's like I say for any type of lock... locks for your car... locks for your house... doesn't matter. Locks keep out the honest people. If someone wants in bad enough, they'll get in.
|
Hehe http://bbs.gofuckyourself.net/board/biggrin.gif
True...but then a good choice of a lock which isnt obtrusive can very often keep 99% of the bad folks out while not driving the good folks mad. |
| All times are GMT -7. The time now is 12:46 AM. |
Powered by vBulletin® Version 3.8.8
Copyright ©2000 - 2025, vBulletin Solutions, Inc.
©2000-, AI Media Network Inc123