7
b3b3
7y

What are you guys doing against brute force attacks on your login webpages? I don't want anybody to access my porn ( ͡° ͜ʖ ͡°). But I don't want to block the useraccount because that would be annoying because you could simple lock a user out of his account :/ any suggestions? What are you doing on your sites?

Comments
  • 0
    Simply add a delay between the logins
  • 0
    @Rxcki but still the owner of the account wouldn't be able to login too
  • 1
    @b3b3 I mean after each failed login, even if its not that much it lowers the effectiveness of a brute-force attack significantly
  • 1
    A human will barely notice a 1 second delay while a brute force attack relies on thousands of attempts within that second and will therefore be severely hindered by the delay.
  • 0
    I totally understand that but in case a user wants to login and his account is being brute forced at the same time he can't login :/ nah whatever I'll just do it like that :)
  • 2
    Use a purposefully slow hashing algorithm to slow down logins like bcrypt.
  • 1
    Maybe block the account and send a mail with a simple re-activation link to the account owner
  • 0
    When a user has entered their password wrong for mostly 3-5 times, their account gets blocked and they need to click on an unblock link. In order to get access again (sent through email).
  • 0
    Just put captcha on the page after 3 failed login attempts
  • 0
    app.listen(8080)
  • 0
    Fail2ban is a must have
Add Comment