
Stop Password Guessing

Printed From: Web Wiz Forums
Category: Web Wiz Web App Support Forums
Forum Name: Web Wiz Forums Suggestions
Forum Description: Do you have any ideas for applications or content on Web Wiz? Then leave your suggestions here.
URL: https://forums.webwiz.net/forum_posts.asp?TID=6122
Printed Date: 29 March 2026 at 2:48am
Software Version: Web Wiz Forums 12.08 - https://www.webwizforums.com


Topic: Stop Password Guessing
Posted By: Bliss
Subject: Stop Password Guessing
Date Posted: 02 October 2003 at 2:20pm
To stop people from trying to guess passwords or to use password crackers, the forum should have a limit to how many times you enter your password, like PayPal does. If the user is the right user, then they can simply press the forgotten password button and retrieve their new password. The limit should be around five, and should not reset when you restart the computer, close the browser window, etc., but reset every day instead. So how about it?

-------------
Hehehe...



Replies:
Posted By: Gullanian
Date Posted: 02 October 2003 at 2:30pm
Or it could use a session to prevent the user trying to login again if they do it more than 5 times, I think this has been suggested before.


Posted By: Bliss
Date Posted: 02 October 2003 at 2:39pm

I searched before I posted and didn't find anything similar, but of course I could have missed it. Even when I posted I was surprised no one had mentioned this before.

To get this to be foolproof, I think it might need a new db field. Every time the login button is hit, the data in the field increases by 1, and when the login is successful, it's reset to 0. That way the admin can set how many tries the user gets.



-------------
Hehehe...


Posted By: Gullanian
Date Posted: 02 October 2003 at 3:18pm
Ah yes but that way what if you hate someone else and login to their account 5 times a day on purpose to stop them coming on the site?


Posted By: KCWebMonkey
Date Posted: 03 October 2003 at 2:10pm
Well then, you prevent a certain IP address from logging in more than 5 times. There are always ways to make things work....


Posted By: fernan82
Date Posted: 03 October 2003 at 6:31pm

KCWebMonkey wrote:

Well then, you prevent a certain IP address from logging in more than 5 times. There are always ways to make things work....

Yea and there's always ways to get around things.... if somebody uses two proxies and switches back and forth for every attempt, they could beat that security, unless you record every failed attempt's IP, which might not be a good idea...



-------------
FeRnAN
http://www.danasoft.com/


Posted By: KCWebMonkey
Date Posted: 03 October 2003 at 6:53pm
Ok, how about after 5 failed attempts at a certain IP (IPs are recorded on failed attempts), then the account must be re-activated via email.


Posted By: Bliss
Date Posted: 03 October 2003 at 7:53pm

Gullanian wrote:

Ah yes but that way what if you hate someone else and login to their account 5 times a day on purpose to stop them coming on the site?

Yeah, but see, with my way, every successful login will set the counter to 0, so you can login as many times as you want if you know the right password.



-------------
Hehehe...


Posted By: fernan82
Date Posted: 03 October 2003 at 8:37pm

KCWebMonkey wrote:

Well then, you prevent a certain IP address from logging in more than 5 times. There are always ways to make things work....

Yea, of course it can be done, my point is that I don't think it will be done on WWF cuz it basically requires a new table on the database to record all the IPs with the user ID and the number of attempts, so since WWF is designed with MS Access in mind and I know how bruce is about this kind of thing I don't think it will be done...

I can think of another way to do it with just one new text field on the Author table and store all the IPs and attempts on the same field like 192.168.1.1:1;192.168.1.2:2 so you store the IP before the : and the number of attempts after the : and separate them with ; then the field could be reset on every successful login... It will be a good idea but I don't think it will be done tho...

Also I think the security images (numbers) on the login is the best form of defense against that, it can still be done by hand but you know how long it would take to guess a password by hand?? I think it's almost impossible..... only thing I would do to improve that feature is to change the images to something harder to read as it is not impossible for a bot to read those images...

What I would like to know is how MSN Chat do their bans, cuz if you go to a chat room there and start breaking havoc and come back to the same room they'll put a ban on you that's impossible to get out of except by switching PCs..... They don't ban your IP or your username and they don't use cookies either, but they do something to your PC and you won't be able to enter the room again unless you switch to a different PC or wait till the ban is over (24 hrs)... I think they use ActiveX for that and whatever they do is global for all users on the PC cuz even if you switch to another account it still won't work...



-------------
FeRnAN
http://www.danasoft.com/
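
The single-field scheme described in the post above (`192.168.1.1:1;192.168.1.2:2`, cleared on a successful login), worked through as an added example; it is not part of the original thread and is not Web Wiz Forums code. The function names, the cap on tracked IPs and the IPv6 handling are assumptions made for illustration.

```python
import ipaddress

MAX_FAILS_PER_IP = 5   # limit suggested in the thread
MAX_TRACKED_IPS = 50   # assumption: bound the field so IP rotation cannot grow it forever

def parse_field(field):
    """Decode 'ip:count;ip:count' into {ip: count}, skipping malformed entries."""
    counts = {}
    for entry in filter(None, field.split(";")):
        ip, _, n = entry.rpartition(":")   # split on the LAST colon so IPv6 survives
        try:
            ip = str(ipaddress.ip_address(ip))
            n = int(n)
        except ValueError:
            continue                       # tampered or corrupt entry: ignore it
        if n > 0:
            counts[ip] = n
    return counts

def serialize_field(counts):
    return ";".join(f"{ip}:{n}" for ip, n in counts.items())

def record_failure(field, ip):
    """Return the updated field after one failed login from ip."""
    counts = parse_field(field)
    ip = str(ipaddress.ip_address(ip))
    counts[ip] = counts.pop(ip, 0) + 1     # re-insert so the newest entry is last
    while len(counts) > MAX_TRACKED_IPS:   # evict the oldest entry (assumed policy)
        counts.pop(next(iter(counts)))
    return serialize_field(counts)

def is_blocked(field, ip):
    """Block only the offending IP, so a stranger cannot lock the owner out."""
    ip = str(ipaddress.ip_address(ip))
    return parse_field(field).get(ip, 0) >= MAX_FAILS_PER_IP

def total_failures(field):
    """Sum over all IPs: a high total with low per-IP counts suggests proxy rotation."""
    return sum(parse_field(field).values())

def record_success(field):
    """A successful login clears the field, as the post proposes."""
    return ""
```

Because the counter is keyed by IP, five failures from one address leave the account owner at another address able to log in, while `total_failures` exposes the proxy-switching case raised earlier in the thread.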


Posted By: fernan82
Date Posted: 03 October 2003 at 8:39pm
Bliss wrote:

Gullanian wrote:

Ah yes but that way what if you hate someone else and login to their account 5 times a day on purpose to stop them coming on the site?

Yeah, but see, with my way, every successful login will set the counter to 0, so you can login as many times as you want if you know the right password.

You're missing something..... If I attempt to log in 5 times to your account then you won't be able to login successfully to reset the counter to 0.



-------------
FeRnAN
http://www.danasoft.com/


Posted By: Bliss
Date Posted: 03 October 2003 at 8:41pm
Oops. Yeah, that would be a problem.

-------------
Hehehe...


Posted By: wistex
Date Posted: 04 October 2003 at 12:26am

fernan82 wrote:

What I would like to know is how MSN Chat do their bans, cuz if you go to a chat room there and start breaking havoc and come back to the same room they'll put a ban on you that's impossible to get out of except by switching PCs..... They don't ban your IP or your username and they don't use cookies either, but they do something to your PC and you won't be able to enter the room again unless you switch to a different PC or wait till the ban is over (24 hrs)... I think they use ActiveX for that and whatever they do is global for all users on the PC cuz even if you switch to another account it still won't work...

They may use an ActiveX control and put something in your Windows registry.



-------------
WisTex Solutions - http://www.wistex.com
CaribbeanChoice Forums - http://www.caribbeanchoice.com/forums


