php set time delays after input attempts -
question related brute forcefulness attacks. if user enters wrong password, php records in mysql datetime of attempt. , in case of wrong password need user can create next effort after time (1-2 seconds). understand php sleep not good, because not prevent bots create requests?
what solution (to set time delay without php sleep)?
you add together sleep @ origin of file if number of requests high user. maybe add together 1 sec every failed request in past 24 hours or exit if number reaches threshold.
<? //script find when lastly requests made if($failed>2) { sleep($failed+1); }elseif($failed>10) { exit;//or redirect } //the rest of file ?> php
No comments:
Post a Comment