| Author |
 Topic Search  Topic Options
|
pedalcars 
Senior Member
Joined: 12 August 2002
Location: United Kingdom
Status: Offline
Points: 268
|
 Post Options
 Thanks(0)
 Quote  Reply
 Topic: Hacker Tracker
Posted: 04 June 2003 at 5:35pm |
|
I've just implemented a hacker tracker (200+ password guesses from an Algerian source the other day!).
When anyone puts in a wrong username / password combo into a login page that's tied in, it writes the date/time, source IP and hostname, page attacked, username and password tried to a DB. You can then log in and see if your login page has been attacked, which can then allow you to ban the source IP address from your site or report it to your host so they can, etc.
Just wondered if anyone else would be potentially interested in this; if so I would consider making it available.
|
|
|
 |
the boss
Senior Member
Joined: 19 January 2003
Location: Saudi Arabia
Status: Offline
Points: 1727
|
Post Options
Thanks(0)
Quote Reply
Posted: 04 June 2003 at 5:45pm |
MEEEEEEEEEEEEEE 
|
|
Mart
Senior Member
Joined: 30 November 2002
Status: Offline
Points: 2304
|
Post Options
Thanks(0)
Quote Reply
Posted: 05 June 2003 at 9:12am |
|
yea that sounds pretty good...
|
|
MorningZ
Senior Member
Joined: 06 May 2002
Location: United States
Status: Offline
Points: 1793
|
Post Options
Thanks(0)
Quote Reply
Posted: 05 June 2003 at 2:38pm |
another step to take is track the number of attemps in a session variable... incrementing each invalid attempt
after three, just flat out kill the page
like wrap the whole login form in:
<if Not Session("LogInAttempts") > 3 then show form>
if you want to take a step and protect against simply closing the window and reopening it (to clear session), use a cookie instead
|
|
Contribute to the working anarchy we fondly call the Internet
|
|
the boss
Senior Member
Joined: 19 January 2003
Location: Saudi Arabia
Status: Offline
Points: 1727
|
Post Options
Thanks(0)
Quote Reply
Posted: 06 June 2003 at 12:22am |
 awsome
|
|
pedalcars
Senior Member
Joined: 12 August 2002
Location: United Kingdom
Status: Offline
Points: 268
|
Post Options
Thanks(0)
Quote Reply
Posted: 06 June 2003 at 4:23am |
|
That's not such a bad idea. Could set a cookie with maybe a 30 minute timeout, so 3 wrong attempts and you have to wait another half hour before you can try again.
As there seems to be some interest, I'll set about de-integrating it to turn it into a relatively simple bolt-on. No promises about timescales, mind!!
|
|
|
|
fernan82
Mod Builder Group
Joined: 17 November 2002
Location: United States
Status: Offline
Points: 362
|
Post Options
Thanks(0)
Quote Reply
Posted: 07 June 2003 at 4:59pm |
i think one of the best ways to prevent your logins from being hacked is to track the session id on the form as -Borg- recently implemented on wwf (see the examples on the forums code) ...
the above are good suggestions but with some programming knowledge anyone can make a bot and try thousands of passwords in no time and get around cookies and all that, and by the time you read them logs the damage will be done already and the info in the logs will be useless as mostlikely all you'll have is an anonymous proxy IP and will never be able to get the hacker's IP
<edit> in simple words it's about impossible to track down a hacker, what you can do is try to keep them away...
Edited by fernan82
|
FeRnAN
|
|
neilcarter
Newbie
Joined: 25 August 2002
Location: United Kingdom
Status: Offline
Points: 10
|
Post Options
Thanks(0)
Quote Reply
Posted: 07 June 2003 at 7:07pm |
 fernan82 wrote:
you'll have is an anonymous proxy IP and will never be able to get the hacker's IP
<edit> in simple words it's about impossible to track down a hacker, what you can do is try to keep them away...
|
In my experience ( 56GB Bandwidth of hacking attempts in the last week ) most attempts come from comprimised machines, mainly on broadband, rather than ananymous proxys. Logging the ips allows the offending machines isp to shut the connection down.
Neil
|
|
