Block IP

What’s the best approach to block a IP that has tried to login too many times within a certain period of time?

i think thats the point. if i get my password wrong 3 times on my bank account they lock me out… if i tried someone’s elses account they’ll lock me out… hence security protects against brute attacks. its annoying as hell to call my bank to reactivate my account but its better than having someone brute force into my account. :slight_smile:

there’s 2 ways to resolve it.
1 - 800# Call to activate your account again
2 - lock the account for about 1 hour and have the script remove it from the block list.

It can be dangerous, because an attacker could block accounts by purposely failing logins.

just create a faillogged column if it reach 3 or 5 attemps add their ip address to a block list could be a text file or a database

table name
block_ip
id | usr | ip | date

php script with a if statement
if ip is in block list … msg (we’ll call you or call 800#)

Keep giving it the login form, but secretly bypass the actual login function after X attempts. Eventually a real person will contact you, but something nefarious will continue to attempt logging in since there’s no indication that it’s been blocked.

The best way? At the Firewall. The hardware firewall that should be closet to the internet connection.
Or did you mean the best with only the settings you have access to?

I’ll assume you have limited access to the web server and access to PHP.
Web Server first if you don’t have the ability with the server then PHP.