srhh
Involved

Joined: Dec 27, 2005
Posts: 296

Posted: Fri Dec 30, 2005 11:17 pm

I'm not sure if this should be posted in Sentinel or wanted modules/add-ons. I'd like to know if it is possible, either by using Sentinel or another method, to ban any user after a set number of failed login attempts, whether the login attempts are for regular users or for admins. Haven't come up with anything in Google or the forums.
montego
Site Admin

Joined: Aug 29, 2004
Posts: 7458
Location: Arizona

Posted: Sat Dec 31, 2005 8:03 am

srhh, I am going to move this topic to the NukeSentinel Enhancement Requests forum. I'll let Raven then decide if this should really be outside the realm of NS.

Regards, montego
persona_non_grata

Joined:
Posts: 0

Posted: Sat Dec 31, 2005 11:08 am

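Well, I guess it should use something like... (sample I found):

// Escape the username before it is placed in the query; the raw $_POST value allowed SQL injection
$username = mysql_real_escape_string($_POST["username"], $link_id);

$sql = "SELECT COUNT(*) AS `failedlogins` FROM `tblLoginAttempts` WHERE `user_id` = '".$username."' AND `reset` = 'N'";

$loginResult = mysql_query($sql, $link_id) or die("Problems checking number of login attempts.");
// Read the COUNT(*) row; without this fetch $row is never set
$row = mysql_fetch_assoc($loginResult);

if ($row['failedlogins'] > 3)
{
    die("Your account is locked due to the number of failed logins. Please contact your administrator to re-activate your account");
}
else
{
    // normal login processing continues here
}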
UnLeasheD
New Member

Joined: May 01, 2005
Posts: 21
Location: GB

Posted: Sat Dec 31, 2005 12:24 pm

I think this would be a good addition.

But I would prefer to see a timed login method, where if someone tries to login and fails it gives a period (set by an admin) before a login attempt is allowed again.

This would at least help to slow down and deter script kiddies from using dictionary attacks.

Just a thought!
Guardian2003
Site Admin

Joined: Aug 28, 2003
Posts: 4821

Posted: Sat Dec 31, 2005 3:00 pm

UnLeasheD wrote:
I think this would be a good addition.

But I would prefer to see a timed login method, where if someone tries to login and fails it gives a period (set by an admin) before a login attempt is allowed again.

This would at least help to slow down and deter script kiddies from using dictionary attacks.

Just a thought!

If you were to restrict log-in attempts by building in a delay, you would also have to have some mechanism to advise the person attempting the second log-in attempt of that delay thus it may be self-defeating.
However, restricting the actual number of *allowable* attempts would seem a more viable approach and I think Chatserv has incorporated something along these lines in the next BBtonuke upgrade.
srhh
Involved

Joined: Dec 27, 2005
Posts: 296

Posted: Sat Dec 31, 2005 8:49 pm

persona_non_grata wrote:
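Well, I guess it should use something like... (sample I found):

// Escape the username before it is placed in the query; the raw $_POST value allowed SQL injection
$username = mysql_real_escape_string($_POST["username"], $link_id);

$sql = "SELECT COUNT(*) AS `failedlogins` FROM `tblLoginAttempts` WHERE `user_id` = '".$username."' AND `reset` = 'N'";

$loginResult = mysql_query($sql, $link_id) or die("Problems checking number of login attempts.");
// Read the COUNT(*) row; without this fetch $row is never set
$row = mysql_fetch_assoc($loginResult);

if ($row['failedlogins'] > 3)
{
    die("Your account is locked due to the number of failed logins. Please contact your administrator to re-activate your account");
}
else
{
    // normal login processing continues here
}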


What files should I plug this into to test it?
persona_non_grata

Joined:
Posts: 0

Posted: Sat Dec 31, 2005 9:04 pm

Hi srhh, it's just a simple sample I picked up...
It's not that easy to create this...
Better wait until someone replies to this... Raven or Bob... etc...
srhh
Involved

Joined: Dec 27, 2005
Posts: 296

Posted: Sun Jan 01, 2006 1:08 am

You mean, nobody wants to spend New Year's Eve pondering nuke questions? Bahh!! What's the matter with you guys! :moon: Laughing
persona_non_grata

Joined:
Posts: 0

Posted: Sun Jan 01, 2006 7:24 am

No, I mean that you don't write this in a few hours.
It can be complicated, especially when it integrates with Sentinel.
You don't want the wrong person banned, do you...
They also have to figure out how they will count the total logins, and that info has to be stored including the person's IP, otherwise they can try again after they close the browser.
srhh
Involved

Joined: Dec 27, 2005
Posts: 296

Posted: Sun Jan 01, 2006 3:09 pm

I really do understand all the work that goes into this, I was just poking fun (at myself really) for celebrating New Years in front of my PC like a geek. Smile
srhh
Involved

Joined: Dec 27, 2005
Posts: 296

Posted: Sun Jan 01, 2006 3:30 pm

It appears that the max # of login attempts is already out there! Not sure if I understand what BBtoNuke is or if it is still usable with Sentinel. Here is the link:
[link not shown: visible to registered forum users only]
persona_non_grata

Joined:
Posts: 0

Posted: Sun Jan 01, 2006 3:39 pm

Well, that's for dictionary attacks...
That means...

A method used to break security systems, specifically password-based security systems, in which the attacker systematically tests all possible passwords beginning with words that have a higher possibility of being used, such as names and places.
The word “dictionary” refers to the attacker exhausting all of the words in a dictionary in an attempt to discover the password.
Dictionary attacks are typically done with software instead of an individual manually trying each password.


But BBtoNuke is just your forum... if you upgrade to the newest it will be in there...

But I just prefer only the max login...
srhh
Involved

Joined: Dec 27, 2005
Posts: 296

Posted: Sun Jan 01, 2006 6:40 pm

I see. Wow, it's really pathetic what lengths some people will go to to get into an account!
I don't have my forums active, so I'd prefer just a direct max login too.
menelaos61
Worker

Joined: Nov 10, 2004
Posts: 110

Posted: Wed Jan 04, 2006 4:36 am

Hey guys,
It seems CNB Your Account has been off the radar for a while.
This is due to me getting married this April...

Anyway, the max numbers of failed logins combined with a delay for the next attempt is such a good idea that I'm gonna include it in the current version.

Stay tuned...

Cheers,
Richard
Guardian2003
Site Admin

Joined: Aug 28, 2003
Posts: 4821

Posted: Wed Jan 04, 2006 5:52 am

menelaos61 wrote:
Hey guys,
It seems CNB Your Account has been off the radar for a while.
This is due to me getting married this April...

Anyway, the max numbers of failed logins combined with a delay for the next attempt is such a good idea that I'm gonna include it in the current version.

Stay tuned...

Cheers,
Richard

You would have to employ some method of reminding users that they have to wait until they try again or they will end up banning themselves and thus create more work for admins in re-instating accounts - perhaps a count down timer, bar graph displayed on the page etc might help?
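A sketch of the approach the thread converges on (a maximum number of failed logins, a timed waiting period, failures stored server-side per username and IP, and a message telling the user how long to wait), added here as an example and not code from NukeSentinel, BBtoNuke or CNB Your Account. The table name `login_failures`, the function names and the limits are assumptions; it uses PDO prepared statements and an in-memory SQLite database so that it runs stand-alone.

```php
<?php
// Added example: all names are hypothetical (login_failures, MAX_FAILURES, LOCKOUT_SECONDS).
const MAX_FAILURES    = 3;    // failures allowed inside the window
const LOCKOUT_SECONDS = 900;  // waiting period an admin would configure

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE login_failures (username TEXT, ip TEXT, failed_at INTEGER)');

// Seconds the caller must still wait, or 0 if a login attempt is allowed now.
function secondsUntilAllowed(PDO $db, string $user, string $ip, int $now): int
{
    // Failures are counted server-side by username OR IP inside the window,
    // so closing the browser or clearing cookies does not reset the counter.
    $st = $db->prepare('SELECT COUNT(*) AS n, MAX(failed_at) AS last FROM login_failures
                        WHERE (username = ? OR ip = ?) AND failed_at > ?');
    $st->execute([$user, $ip, $now - LOCKOUT_SECONDS]);
    $row = $st->fetch(PDO::FETCH_ASSOC);
    if ((int)$row['n'] < MAX_FAILURES) {
        return 0;
    }
    return max(0, (int)$row['last'] + LOCKOUT_SECONDS - $now);
}

function recordFailure(PDO $db, string $user, string $ip, int $now): void
{
    $db->prepare('INSERT INTO login_failures VALUES (?, ?, ?)')->execute([$user, $ip, $now]);
}

function clearFailures(PDO $db, string $user): void  // call after a successful login
{
    $db->prepare('DELETE FROM login_failures WHERE username = ?')->execute([$user]);
}

// Constructed walk-through: four wrong passwords from one address, then a later retry.
$t = 1136073600;  // constructed timestamp
foreach ([0, 5, 10, 15] as $offset) {
    $wait = secondsUntilAllowed($db, 'alice', '192.0.2.10', $t + $offset);
    if ($wait > 0) {
        echo "Locked: try again in {$wait} seconds\n";  // tell the user how long to wait
        continue;  // refused attempts are not recorded, so waiting users cannot extend their own lock
    }
    recordFailure($db, 'alice', '192.0.2.10', $t + $offset);  // password check failed
}
// After the window has passed, the old failures no longer count.
echo secondsUntilAllowed($db, 'alice', '192.0.2.10', $t + 1000), "\n";
```

Counting by username as well as by IP means a third party can lock a known account for the waiting period, which is the "wrong person banned" concern raised in the thread; the timed expiry bounds that to `LOCKOUT_SECONDS` without an admin having to re-instate the account.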