Didn't read it all.
But an easy fix could be making logins PHP-based with sessions and cookie verification.
Before your user / pass match function, put:
<?php
sleep(1); // fixed 1-second delay before every credential check
?>
In case of a failed user / pass, put:
<?php
sleep(5); // extra 5-second delay after a failed match
?>
In case of a visitor coming through a proxy, put an extra function that requires image verification.
It will take 1 second to log in if you enter a successful user / pass, and 6 seconds before you get a response if you enter a wrong combination.
To make it more complicated, you can additionally set PHP to return random Apache headers.
It won't stop hacking completely, but it will slow down the process so it will hardly be worth the effort.
PHP with session / cookie-based authorization can also be used as regular htaccess, returning a "200 OK" login for all requests but only showing the actual content to people that made a match.
__________________
I buy plugs
Skype: Due_Global
/Due
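
The delays, session login and always-200 response described in the post above, as an added PHP example that is not the poster's code. The `$USERS` store, the `$DUMMY` hash, `check_login()` and the form field names `user` and `pass` are assumptions made for illustration.

```php
<?php
// Added example, not the poster's code. $USERS, $DUMMY, check_login() and the
// form field names are assumptions; the account below is constructed sample data.
declare(strict_types=1);

// Constructed sample account store: username => password_hash() output.
$USERS = ['alice' => password_hash('correct horse', PASSWORD_DEFAULT)];
// Hash verified for unknown usernames, so both paths cost one password_verify().
$DUMMY = password_hash('placeholder', PASSWORD_DEFAULT);

function check_login(array $users, string $dummy, string $user, string $pass): bool
{
    sleep(1);                                  // delay before every check, as in the post
    $known = array_key_exists($user, $users);
    $ok = password_verify($pass, $known ? $users[$user] : $dummy) && $known;
    if (!$ok) {
        sleep(5);                              // extra delay on failure: 6 seconds in total
    }
    return $ok;
}

session_start();

if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    // Reject non-string input such as user[]=x instead of casting it.
    $user = is_string($_POST['user'] ?? null) ? $_POST['user'] : '';
    $pass = is_string($_POST['pass'] ?? null) ? $_POST['pass'] : '';
    if (check_login($USERS, $DUMMY, $user, $pass)) {
        session_regenerate_id(true);           // fresh session ID after a successful login
        $_SESSION['user'] = $user;
    }
}

// Always HTTP 200: the status code does not reveal whether the login matched.
http_response_code(200);
if (isset($_SESSION['user'])) {
    echo 'Members content for ' . htmlspecialchars($_SESSION['user'], ENT_QUOTES, 'UTF-8');
} else {
    echo '<form method="post"><input name="user"><input name="pass" type="password">'
       . '<button>Log in</button></form>';
}
```

`sleep()` holds a PHP worker for the whole delay, so many parallel failed logins can tie up the worker pool. A per-account or per-IP failed-attempt counter limits guessing without that cost.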