Rehtsel
04-23-2003, 04:08 AM
i got some security problems last time
i saw in the logs that some ips tried constantly to access my admin cp and it wasnt my or any other admins ip
so i tested the one mail-by-wrong-login hack by firefly, and hm ok i saw now, that someone try to bruteforce admin accounts passwords. i blocked the ip on the server then and what happened some hours later? ip changed and same thing again :/
ok im not totaly-stupid and tried to code a hack to automaticaly ban this users from the admin/index.phpm but everytime i screwed up something.
one try i was banned after 3 visits, other try i even cant login :/
woulrd be nice if someone can take this 10 mins and code a secure hack for this, im sure its usefull for more some more users here :)
required features:
-automaticaly banned after x (3 or 5 or so) failed logins attempts to admin cp AND failed logins into normal board
-if possible, banned from every script, if not, banned from index.php and admin/index.php
-banned ips stored in sql database (to clean them out, if needed)
-auto-unbanning after x hours (6,12,24 or so)
would-be-nice-but-not-absolutely-needed features:
-accessible in admin cp (manuel-banning and manuel-unbanning)
-email-report (ip, tried passes, time and link to search on board for ip) (+perhaps to more as 1 email)
-report stored in sql databse and visible on admin cp
thanks for reading and hopefully helping me
--Rehtsel--
i saw in the logs that some ips tried constantly to access my admin cp and it wasnt my or any other admins ip
so i tested the one mail-by-wrong-login hack by firefly, and hm ok i saw now, that someone try to bruteforce admin accounts passwords. i blocked the ip on the server then and what happened some hours later? ip changed and same thing again :/
ok im not totaly-stupid and tried to code a hack to automaticaly ban this users from the admin/index.phpm but everytime i screwed up something.
one try i was banned after 3 visits, other try i even cant login :/
woulrd be nice if someone can take this 10 mins and code a secure hack for this, im sure its usefull for more some more users here :)
required features:
-automaticaly banned after x (3 or 5 or so) failed logins attempts to admin cp AND failed logins into normal board
-if possible, banned from every script, if not, banned from index.php and admin/index.php
-banned ips stored in sql database (to clean them out, if needed)
-auto-unbanning after x hours (6,12,24 or so)
would-be-nice-but-not-absolutely-needed features:
-accessible in admin cp (manuel-banning and manuel-unbanning)
-email-report (ip, tried passes, time and link to search on board for ip) (+perhaps to more as 1 email)
-report stored in sql databse and visible on admin cp
thanks for reading and hopefully helping me
--Rehtsel--