Home Access Plus+ Thread, Limiting Login Attempts in Projects:; Hello , I've browsed the posts but can't find this mentioned.
We recently had a brute force attack on our ...
14th December 2012, 11:31 AM #1
- Rep Power
Limiting Login Attempts
Hello , I've browsed the posts but can't find this mentioned.
We recently had a brute force attack on our hap server so I have been asked to limit login attempts. Our firewall is supposed to detect DOS attacks but didn't see this as a problem ( probably because of the HTTPS bypass rule I had to use ) so i was wondering if there is any code built in or that could be added to enable a 3 try minimum followed by a 10/20 min cooldown.
Any ideas ?
14th December 2012, 11:50 AM #2
I can look into it for you
14th December 2012, 12:24 PM #3
14th December 2012, 12:25 PM #4
Sounds like a really good idea
Can we also log failed login attempts - with the username tried and IP address? I have a couple of people who have issues getting past the login page.. i know it's user error, but it'd be handy to have access to some proof that they have even tried!
From a security perspective, I'd be keen to see if kids are trying out staff logins!
14th December 2012, 12:28 PM #5
This dll now logs after 4 failed attempts so you can see persistent failures (in the Web Tracker, Event Viewer is slightly less info)
14th December 2012, 12:35 PM #6
Wow, thanks for this @nickbro
However, i am getting a error on loading the login page:
The url is beta/login.aspx?ReturnUrl=%2fbeta
Server Error in '/beta' Application.
Sequence contains no matching element
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.
Exception Details: System.InvalidOperationException: Sequence contains no matching element
An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.
(InvalidOperationException: Sequence contains no matching element)
System.Linq.Enumerable.Single(IEnumerable`1 source, Func`2 predicate) +4472766
HAP.Web.Login.Page_Load(Object sender, EventArgs e) in n:\Visual Studio 2010\Projects\CHS Extranet\HAP.Web\Login.aspx.cs:23
System.Web.Util.CalliHelper.EventArgFunctionCaller(IntPtr fp, Object o, Object t, EventArgs e) +25
System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +3064
14th December 2012, 12:38 PM #7
14th December 2012, 01:00 PM #8
- Rep Power
Brilliant, thanks Nick.
Erm, this for version 8 ? I'm still on 7.
Last edited by Mr_Jolly; 14th December 2012 at 01:05 PM.
14th December 2012, 01:07 PM #9
14th December 2012, 01:08 PM #10
Definately time to ugprade!! You are missing out on so much!
Originally Posted by Mr_Jolly
14th December 2012, 01:12 PM #11
Would you want it on a per machine basis or per user agent on that ip. Just in case you have clients behind an NAT firewall.
14th December 2012, 01:16 PM #12
Valid point.. It must be a solution that fits all.. and locking out everyone on a secure BYOD wifi might because of one user might not be a clever direction to go!
If i'm honest, i'm happy with it as is now - it's a big security step and a great place to start - others will have different ideas/opinions!
14th December 2012, 01:33 PM #13
- Rep Power
Hehe, I know. I'll wait until Monday now though I think, nothing like breaking access to school files for the weekend
14th December 2012, 02:26 PM #14
- Rep Power
By speckled in forum Windows
Last Post: 10th November 2008, 04:00 PM
By wesleyw in forum Windows
Last Post: 28th April 2008, 01:59 PM
By faza in forum How do you do....it?
Last Post: 19th July 2007, 04:48 PM
By whatwherewhen in forum Network and Classroom Management
Last Post: 20th February 2007, 07:29 PM
By e_g_r in forum Wireless Networks
Last Post: 13th February 2007, 10:03 AM
Users Browsing this Thread
There are currently 1 users browsing this thread. (0 members and 1 guests)