Here, i've built a script that gets the time a user accessed the login page and stores it in a session with the user's i.p address and when next the same user accesses the login page, if the time difference is less than 5 seconds, the script wil display a message telin the user to wait for 5 seconds more before logging in again. Does this algorithm help prevent or reduce dos attacks? Thanks in advance
Olagsfark 0 Newbie Poster
Recommended Answers
Jump to PostYou could easily create a PHP method to record each hit from each IP.
Just input the hits to your database and increment a given column on the table.
If so many hits deny IP by writing to Apache or another php script which will deny IP.
If you think …
Jump to PostOlagsfark, what you're describing does not prevent DOS attacks (there's nothing you can do in your scripts about that) but it is an example of flood control. It prevents flooding, which is when someone tries to repeatedly fill out forms on your website in order to create many multiple entries …
All 7 Replies
Szabi Zsoldos 26 Learner and helper guy
Not really, they target mostly your IP not your login script.
Olagsfark 0 Newbie Poster
. Wao. So only my hosting providers can take care of that ryt? There nothing i can do about it in my scripts?
JorgeM 958 Problem Solver Team Colleague Featured Poster
A typical denial of service attack will try to over subscribe the server. One approach is to start a TCP connection and not complete it. By opening thousands of these connections, the web server's resources are consumed to a point where the server cannot service clients. This type of attack is not going to be prevented by your application code.
If you are hosting with a provider they should have the appropriate defenses in place to combat these types of attacks.
Banderson 29 Junior Poster in Training
You could easily create a PHP method to record each hit from each IP.
Just input the hits to your database and increment a given column on the table.
If so many hits deny IP by writing to Apache or another php script which will deny IP.
If you think the culprit is running proxy on your server then you can incorporate JAVA to get the machine name or use MaxMind Click Here and incorporate the exact idea I listed.
Problem solved, bad guy gone..
Dani 4,653 The Queen of DaniWeb Administrator Featured Poster Premium Member
Olagsfark, what you're describing does not prevent DOS attacks (there's nothing you can do in your scripts about that) but it is an example of flood control. It prevents flooding, which is when someone tries to repeatedly fill out forms on your website in order to create many multiple entries in your database unnecessarily.
Olagsfark 0 Newbie Poster
Thanks guys, That was an eye-lifter. But does the script atleast combat brute attacks?
pritaeas 2,211 ¯\_(ツ)_/¯ Moderator Featured Poster
does the script atleast combat brute attacks
It delays them, but only if it's not possible to directly post to the login script (bypassing the form).
Be a part of the DaniWeb community
We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.