|
I am trying to find a way of increasing the maximum dial attempts for the lead recycle rules. At the moment I can only go to 10, I need more like 99!
Any assistance would be gratefully appreciated please.
Thanks.
Started by hobsonace on
, 12 posts
by 6 people.
Answer Snippets (Read the full thread at net):
You would need to edit the database schema and the source code of several different files to do that .
|
|
I was just reading this post http://stackoverflow.com/questions/549/the-definitive-guide-to-website-authentication-beta#477585 on Preventing Rapid-Fire Login Attempts.
Best practice #1: A short time delay that increases with the number of failed attempts...
Started by jasondavis on
, 10 posts
by 10 people.
Answer Snippets (Read the full thread at stackoverflow):
On attempt to log in, fetch how many recent (say, last 15 minutes) login attempts there were, and the....
The attempt table would log the throttle entirely.
I generally create login history and login attempt tables.
Ipaddress.
|
|
Hi there, I'm seeing web apps implementing limitations for user login attempts.
Is it a security necessity and, if so, why?
For example: you had three failed login attempts, let's try again in 10 minutes!!
thanks :)
Started by artarad on
, 8 posts
by 8 people.
Answer Snippets (Read the full thread at stackoverflow):
That was attempted (ie 'log in', 'search', 'comment') The time of the attempt Number of attempts (attempt counter) For each attempt made I query against the partial IP address and the action, and if a previous attempt....
|
Ask your Facebook Friends
|
If I identify an anonymous attempt to hack my servers is there an appropriate response? Or is it a case of look at what they were attempting and make sure we're covered against it and similar attacks?
Cheers,
Robin
Answer Snippets (Read the full thread at serverfault):
You can use `whois' to get information about an ip/domain
You need to audit any change to your files, audit your code, make sure you sanitize... .
Provide logs.
Find the Abuse email address related to that ip and send an email warning that there are attacks .
|
|
1) A typical Login Screen of an application, ID locked for wrong passwords when more than three attempts.
2) The attempt cannot be stored in session, because user might use multiple browsers in same or different machine.
3) I don't want to persist the...
Started by frappuccino on
, 3 posts
by 3 people.
Answer Snippets (Read the full thread at stackoverflow):
If you are trying to lock out users who forgot their password, do it by user name .
If you are looking to see if someone is trying to brute force a password, then use IP .
You'd probably want to use IP address to track incorrect login attempts.
|
Are your attempts to get Answers from Stackoverflow, Google etc. Hampered by your company's firewall
Just as you are homing in to the difficult to find answer for a programming problem, you are advised that your "attempt is recorded" and you see a firewall blocking message. How wide-spread is this and how can it be avoided, if at all?
Started by mm2010 on
, 11 posts
by 11 people.
Answer Snippets (Read the full thread at stackoverflow):
My personal advice would be seek a new employer, I would never... .
This sounds like a problem with your employer.
No -- but I do wish Google would ban Experts Exchange from their search results by default .
Haven't had that happen anywhere that I've worked.
|
|
(This is in principal a language-agnostic question, though in my case I am using ASP.NET 3.5)
I am using the standard ASP.NET login control and would like to implement the following failed login attempt throttling logic.
Handle the OnLoginError event ...
Started by Richard Ev on
, 6 posts
by 6 people.
Answer Snippets (Read the full thread at stackoverflow):
2 seconds after first login attempt the time until another login attempt....
Otherwise a count and lock-out is reasonable - although an easier solution might be to have a doubling-timeout between each login failure .
Each login attempt.
|
|
I'm using ASP.NET 2.0 to connect to a Sybase Sql Anywhere 5 server. And I get this error sporadically. It just happens sometimes. The error message is:
ERROR [HY000] [Sybase][ODBC Driver]General error: attempted two active database requests
Exception ...
Started by Cristian Donoso on
, 3 posts
by 3 people.
Answer Snippets (Read the full thread at stackoverflow):
Are you trying to use the same database connection for all requests? The requests are handled by several threads, so each request... .
The error message means that you attempted to run two queries at the same time using the same database connection.
|
|
I get a lot of SSH connection attempt from different IP on my server (with different username). 1 to 5 per seconds. It look like a brute force attack. What can I do to prevent that? Block the IP? change the SSH port? Something else?
Thanks!
Started by benjisail on
, 10 posts
by 10 people.
Answer Snippets (Read the full thread at serverfault):
You can change the SSH port as you suggest....
You can block the ip manually but this is more a temporary solution .
It works with other servers like http/ftp/etc too.
It serve exactly this purpose, blocking brute force attempts.
You can install fail2ban.
|
|
I'd like to be notified via email if our Linux servers are under any kind of hacking attempt or service attack. Is there some kind of all-in-one solution that can monitor for suspicious activity and send reports of said activity to an email address?
Started by cowgod on
, 15 posts
by 15 people.
Answer Snippets (Read the full thread at serverfault):
You should consider setting the kernel to monitor.
That comes to one attempt per 39 seconds .
If you want attempts.
I think you may want to rethink being alerted for every unsuccessful hacking attempt.
|
