Here, i've built a script that gets the time a user accessed the login page and stores it in a session with the user's i.p address and when next the same user accesses the login page, if the time difference is less than 5 seconds, the script wil display a message telin the user to wait for 5 seconds more before logging in again. Does this algorithm help prevent or reduce dos attacks? Thanks in advance
Olagsfark
0
Newbie Poster
Recommended Answers
Jump to PostNot really, they target mostly your IP not your login script.
Jump to PostA typical denial of service attack will try to over subscribe the server. One approach is to start a TCP connection and not complete it. By opening thousands of these connections, the web server's resources are consumed to a point where the server cannot service clients. This type of attack …
All 7 Replies
Szabi Zsoldos
26
Learner and helper guy
Not really, they target mostly your IP not your login script.
Olagsfark
0
Newbie Poster
. Wao. So only my hosting providers can take care of that ryt? There nothing i can do about it in my scripts?
JorgeM
958
Problem Solver
Team Colleague
Featured Poster
A typical denial of service attack will try to over subscribe the server. One approach is to start a TCP connection and not complete it. By opening thousands of these connections, the web server's resources are consumed to a point where the server cannot service clients. This type of attack is not going to be prevented by your application code.
If you are hosting with a provider they should have the appropriate defenses in place to combat these types of attacks.
Banderson
29
Junior Poster in Training
You could easily create a PHP method to record each hit from each IP.
Just input the hits to your database and increment a given column on the table.
If so many hits deny IP by writing to Apache or another php script which will deny IP.
If you think the culprit is running proxy on your server then you can incorporate JAVA to get the machine name or use MaxMind Click Here and incorporate the exact idea I listed.
Problem solved, bad guy gone..
Dani
4,084
The Queen of DaniWeb
Administrator
Featured Poster
Premium Member
Olagsfark, what you're describing does not prevent DOS attacks (there's nothing you can do in your scripts about that) but it is an example of flood control. It prevents flooding, which is when someone tries to repeatedly fill out forms on your website in order to create many multiple entries in your database unnecessarily.
Olagsfark
0
Newbie Poster
Thanks guys, That was an eye-lifter. But does the script atleast combat brute attacks?
pritaeas
2,194
¯\_(ツ)_/¯
Moderator
Featured Poster
does the script atleast combat brute attacks
It delays them, but only if it's not possible to directly post to the login script (bypassing the form).
Be a part of the DaniWeb community
We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.