Answer the question
In order to leave comments, you need to log in
How to count the number of password attempts?
There is a common task of limiting attempts to enter a password for a particular individual (self-written engine in PHP / MySQL): no more than three in half an hour.
Question: where to store the counter of attempts?
The forums offer a session everywhere, but deleting session cookies and starting a new session for the bot is as easy as shelling pears, right? How to be in such a case? Identify IP? But, again, then you need to store the counter somewhere - where?
Answer the question
In order to leave comments, you need to log in
Well, yes, first you need to identify the client somehow. IP of course + session id or user-agent. You will not be able to fully guarantee unambiguous identification.
Then you make a table like id-connection (you can have several columns for sampling), last_access_time, count. Check with it when authenticating. Write at the same time and a cron service for cleaning up obsolete entries.
I recommend using fail2ban. The idea of integration can be gleaned, for example, here .
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question