Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Web-App-Sec
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Account Lockouts

from [Kalyan Varma] Network Security [Permanent Link]
Subject: Re: Account Lockouts
Date: Thu, 2 Dec 2004 23:34:25 +0530 (IST)
On Wed, 1 Dec 2004, Harrison Gladden wrote: 
What are successfull techniques that could be used on the web
interface to avoid having a script run against it that would
potentially lock out 15000 user accounts, and create a headache for
the system administrators who have to manually unlock each account?

Why not throw a Captcha after X bad attempts ? And if you continue to see right Captcha word with bad password, then lock the account after Y attempts.

You could also think about blocking the IP address if you see too many bad login attempts from a specific IP address.

- Kalyan

[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: Account Lockouts, Blake Frantz
Next by Date:  Re: Account Lockouts, Michael Silk
Previous by Thread:  Re: Account Lockouts, Valdis . Kletnieks
Next by Thread:  RE: Account Lockouts, WebAppSecurity [Technicalinfo.net]
Indexes:  [Date] [Thread] [Top] [All Lists]