0

Here, i've built a script that gets the time a user accessed the login page and stores it in a session with the user's i.p address and when next the same user accesses the login page, if the time difference is less than 5 seconds, the script wil display a message telin the user to wait for 5 seconds more before logging in again. Does this algorithm help prevent or reduce dos attacks? Thanks in advance

6
Contributors
7
Replies
66
Views
4 Years
Discussion Span
Last Post by pritaeas
0

. Wao. So only my hosting providers can take care of that ryt? There nothing i can do about it in my scripts?

0

A typical denial of service attack will try to over subscribe the server. One approach is to start a TCP connection and not complete it. By opening thousands of these connections, the web server's resources are consumed to a point where the server cannot service clients. This type of attack is not going to be prevented by your application code.

If you are hosting with a provider they should have the appropriate defenses in place to combat these types of attacks.

0

You could easily create a PHP method to record each hit from each IP.
Just input the hits to your database and increment a given column on the table.
If so many hits deny IP by writing to Apache or another php script which will deny IP.
If you think the culprit is running proxy on your server then you can incorporate JAVA to get the machine name or use MaxMind Click Here and incorporate the exact idea I listed.
Problem solved, bad guy gone..

Edited by Banderson

0

Olagsfark, what you're describing does not prevent DOS attacks (there's nothing you can do in your scripts about that) but it is an example of flood control. It prevents flooding, which is when someone tries to repeatedly fill out forms on your website in order to create many multiple entries in your database unnecessarily.

0

Thanks guys, That was an eye-lifter. But does the script atleast combat brute attacks?

0

does the script atleast combat brute attacks

It delays them, but only if it's not possible to directly post to the login script (bypassing the form).

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.