Brute force prevention so it would ban users for 30 min. after 5 login attempts. And log it in the event log.
This sounds just like a different host.
I can see some use for this as I have yet to trigger a stop limit.
I think, however, 30 min is too short. I think 24 hrs is more appropriate. 5 attempts seems plenty of tries, and I like the idea of logging the failed attempts.
IP logging would be great, but I think it would also be useful for the staff (maybe main admin only) to see what account is being attacked.
I agree that it would be good to have some form of notification of bad logins. However, I don't think an account should be banned for it. Because I could try to login as Graham 10 times, then he'd be banned.
Unless you mean ban the IP for 1 hour then that's best. I think 1 hour will suffice for the ban length.
If a failed login attempt is made, how about an automatic PM saying when it was? Or a notification message somewhere?
Good point Michael. Maybe a PM could be used.
How about an IP based ban rather than an account one?
OK, I can sum this up to what would work best:
1: An option in the forum settings to turn this feature on, AS WELL AS a field beside that where the admin can set the length (in minutes), as well as the amount of attempts allowed.
2: A log in the admin panel that lists all account failed login accounts (listing the account's display name, username, as well as the IP address of the person trying to log in).
3: Banning the IP of the person attempting to log in, for the set amount of time, when the login failed the set amount of tries, as well as a Proxy Check.
4: A PM notification sent to the user whose account was being attacked, notifying them of the attack and suggesting that they change their password.
In my opinion, I think that covers everything. It provides the most user-friendly and editable options, allowing it to be flexible so that if the user doesn't want to use the feature they don't have to, and they can set the values of everything. It also provides notification to both allowed staff as well as the user. It also bans the person's IP instead of the account, preventing the wrong person from being locked out. Adding to that, the Proxy Check will make sure that the user is not using a Proxy to change his IP address in order to bypass the IP Ban.
I like it, but change the PM to emails instead.
I like what you had to say Dwight. Those actually would work really good.
Like Darkmage, I think an email alert would be more suitable. Then again, the user should be able to choose if they want a PM / Email / or both.
Adding to that, the Proxy Check will make sure that the user is not using a Proxy to change his IP address in order to bypass the IP Ban.
If I wanted to use a good proxy then there would be no way for the software to detect that I am using a proxy server.
Other than that, some interesting ideas.
If I wanted to use a good proxy then there would be no way for the software to detect that I am using a proxy server.
Other than that, some interesting ideas.
True, but every little bit helps. I don't think a lot of people will even think about using a proxy after the IP ban; it's more like an attempt at a fail-safe, even if it won't always work to prevent everyone.
I like what you had to say Dwight. Those actually would work really good.
Like Darkmage, I think an email alert would be more suitable. Then again, the user should be able to choose if they want a PM / Email / or both.
I agree
OK, I can sum this up to what would work best:
1: An option in the forum settings to turn this feature on, AS WELL AS a field beside that where the admin can set the length (in minutes), as well as the amount of attempts allowed.
2: A log in the admin panel that lists all account failed login accounts (listing the account's display name, username, as well as the IP address of the person trying to log in).
3: Banning the IP of the person attempting to log in, for the set amount of time, when the login failed the set amount of tries, as well as a Proxy Check.
4: A PM notification sent to the user whose account was being attacked, notifying them of the attack and suggesting that they change their password.
In my opinion, I think that covers everything. It provides the most user-friendly and editable options, allowing it to be flexible so that if the user doesn't want to use the feature they don't have to, and they can set the values of everything. It also provides notification to both allowed staff as well as the user. It also bans the person's IP instead of the account, preventing the wrong person from being locked out. Adding to that, the Proxy Check will make sure that the user is not using a Proxy to change his IP address in order to bypass the IP Ban.
I like it
I agree that it would be good to have some form of notification of bad logins. However, I don't think an account should be banned for it. Because I could try to login as Graham 10 times, then he'd be banned.
Unless you mean ban the IP for 1 hour then that's best. I think 1 hour will suffice for the ban length.
If a failed login attempt is made, how about an automatic PM saying when it was? Or a notification message somewhere?
I meant an IP ban.
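
The scheme the thread converges on (admin-set attempt limit and ban length, a ban on the source IP rather than the account, and a log of who was targeted), sketched as an added example that is not part of the original thread or of any forum software. The class and method names are hypothetical, the sliding counting window is an assumption, and the proxy check is left out.

```python
import time
from collections import defaultdict, deque
class LoginThrottle:
    """Ban an IP (not the account) after repeated failed logins, and log them."""
    def __init__(self, enabled=True, max_attempts=5, ban_minutes=30):
        self.enabled = enabled                  # admin on/off switch
        self.max_attempts = max_attempts
        self.ban_seconds = ban_minutes * 60
        self.failures = defaultdict(deque)      # ip -> recent failure timestamps
        self.banned_until = {}                  # ip -> time the ban expires
        self.log = []                           # (time, ip, username, event)

    def is_banned(self, ip, now=None):
        now = time.time() if now is None else now
        until = self.banned_until.get(ip)
        if until is not None and now >= until:
            del self.banned_until[ip]           # ban has expired
            return False
        return until is not None

    def record_failure(self, ip, username, now=None):
        """Log a failed login; return True if this IP is banned afterwards."""
        now = time.time() if now is None else now
        self.log.append((now, ip, username, "failed_login"))
        if not self.enabled:
            return False
        if self.is_banned(ip, now):
            return True
        recent = self.failures[ip]
        recent.append(now)
        # Assumption: only failures within one ban-length window are counted.
        while recent and recent[0] <= now - self.ban_seconds:
            recent.popleft()
        if len(recent) >= self.max_attempts:
            self.banned_until[ip] = now + self.ban_seconds
            recent.clear()
            self.log.append((now, ip, username, "ip_banned"))
            return True
        return False

    def accounts_to_notify(self):
        # Usernames that saw failed logins, for the PM/email notice.
        return sorted({user for _, _, user, ev in self.log if ev == "failed_login"})

def demo():
    t = LoginThrottle(max_attempts=5, ban_minutes=30)
    attacker, owner = "203.0.113.7", "198.51.100.20"   # constructed example IPs
    bans = [t.record_failure(attacker, "Graham", now=i) for i in range(5)]
    return bans, t.is_banned(attacker, 10), t.is_banned(owner, 10), t.is_banned(attacker, 1804)
```

Because the ban is keyed on the IP, the account owner connecting from a different address is never locked out, which is the concern raised about account-based bans.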