I present a little more safety for your applications.
The attached file will count access from a user (by IP), and, if the file is being accessed too much (defined in the script), the user (IP) will be banned for a certain time (defined in the script) from accessing some page. The user will then see a countdown which changes back to a link once the countdown (wait/ban) is over.
You can use this very easily to prevent brute force attacks on your login page.
Installation for the use in AppGini
1. Place the file in the attached ZIP in the hooks folder (hooks/antiflood.php).
2. Create a subfolder "antiflood" in your hooks folder (hooks/antiflood), make sure the folder is writable by the webserver (750).
3. If you want to prevent countless logins (brute force), just include this file in hooks/__global.php in the login_failed function with this single line of code (probably even without PHP opening/closing).
<?php include "antiflood.php"; ?>
If you do this, the user will have certain login tries before he has to wait.
The script does not need any cookies.
You may adjust number of allowed page requests for the user, time interval to start counting page requests (seconds) = how often the page can be loaded in that time, seconds to punish the user who has exceeded in doing requests and the directory name to keep script data.
Suggestions? Comments?
Oh, not my idea, nor my script. I simply adjusted and added a little (see documentation in file).
And: I know that it's not a real nice solution concerning DDOS - but still
Olaf
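
The counting and ban logic described in this post (allowed requests, counting interval, ban time, data directory), shown as an added example. It is not the attached antiflood.php and not the author's code; the function name `antiflood_hit`, the constants and the JSON state file layout are assumptions made for illustration.

```php
<?php
// Added illustration, not the attached antiflood.php. Names and limits are assumptions.
const AF_MAX_REQUESTS = 5;    // allowed requests per window
const AF_WINDOW       = 60;   // window length in seconds
const AF_BAN_SECONDS  = 300;  // wait imposed once the limit is exceeded

// Records one request for $ip and returns the seconds left to wait (0 = allowed).
function antiflood_hit(string $ip, string $dir, ?int $now = null): int
{
    $now = $now ?? time();
    // Hash the address so no client-influenced characters reach the file name.
    $fh = fopen($dir . '/' . hash('sha256', $ip) . '.json', 'c+');
    if ($fh === false) {
        return AF_BAN_SECONDS;   // fail closed if the directory is unusable (example's choice)
    }
    flock($fh, LOCK_EX);         // serialise concurrent requests from one address
    $s = json_decode((string) stream_get_contents($fh), true);
    if (!is_array($s)) {
        $s = ['start' => $now, 'count' => 0, 'ban_until' => 0];
    }
    $wait = max(0, $s['ban_until'] - $now);
    if ($wait === 0) {
        if ($now - $s['start'] >= AF_WINDOW) {   // window expired: start counting again
            $s['start'] = $now;
            $s['count'] = 0;
        }
        if (++$s['count'] > AF_MAX_REQUESTS) {   // limit exceeded: start the ban
            $s = ['start' => $now, 'count' => 0, 'ban_until' => $now + AF_BAN_SECONDS];
            $wait = AF_BAN_SECONDS;
        }
        ftruncate($fh, 0);
        rewind($fh);
        fwrite($fh, json_encode($s));
    }
    flock($fh, LOCK_UN);
    fclose($fh);
    return $wait;
}

// Demo with a constructed address (RFC 5737 range) and a fixed clock, CLI only.
if (PHP_SAPI === 'cli') {
    $dir = sys_get_temp_dir() . '/antiflood_demo_' . getmypid();
    mkdir($dir, 0750);
    foreach ([0, 1, 2, 3, 4, 5, 6, 200, 306] as $t) {
        printf("t=%3d wait=%d\n", $t, antiflood_hit('203.0.113.7', $dir, 1000 + $t));
    }
    array_map('unlink', glob($dir . '/*.json'));
    rmdir($dir);
}
```

In the `login_failed` hook the function would be called with `$_SERVER['REMOTE_ADDR']` and the hooks/antiflood directory; a non-zero return value is the number of seconds to show in the countdown.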