security - Dynamic IP-based blacklisting -

-

folks, know ip blacklisting doesn't work - spammers can come in through proxy, plus, legitimate users might affected... said, blacklisting seems me efficient mechanism stop persistent attacker, given actual list of ip's determined dynamically, based on application's feedback , user behavior.

for example: - trying brute-force login screen - poorly written bot issues strange http requests site - script-kiddie uses scanner vulnerabilities in app

i'm wondering if following mechanism work, , if so, know if there tools it:

  • in web application, developer has hook report "offense". offense can minor (invalid password) , take dozens of such offenses blacklisted; or can major, , couple of such offenses in 24-hour period kicks out.
  • some form of web-server-level block kicks in on before every page loaded, , determines if user comes "bad" ip.
  • there's "forgiveness" mechanism built-in: offenses no longer count against ip after while.

thanks!

extra note: it'd awesome if solution worked in php, i'd love hear thoughts approach in general, language/platform

are on *nix machine? sort of thing better left os level, using iptables

edit:

in response comment, yes (sort of). however, idea iptables can work independently. can set threshold throttle (for example, block requests on port 80 tcp exceed x requests/minute), , handled transparently (ie, application doesn't need know it, have dynamic blocking take place).

i suggest iptables method if have full control of box, , prefer let firewall handle throttling (advantages are, don't need build logic web app, , can save resources requests dropped before hit webserver)

otherwise, if expect blocking won't huge component, (or app portable , can't guarantee access iptables), make more sense build logic app.


Comments

Post a Comment

Popular posts from this blog

c++ - How do I get a multi line tooltip in MFC -

-
right now, have tool tip pops when hover on edit box. problem tool tip contains multiple error messages , in 1 long line. need have each error message on own line. error messages contained in cstring new line seperating them. my existing code below. bool ontooltiptext(uint, nmhdr* pnmhdr, lresult* presult) { assert(pnmhdr->code == ttn_needtexta || pnmhdr->code == ttn_needtextw); // need handle both ansi , unicode versions of message tooltiptexta* pttta = (tooltiptexta*)pnmhdr; tooltiptextw* ptttw = (tooltiptextw*)pnmhdr; // tchar szfulltext[256]; cstring strtiptext=_t(""); uint nid = pnmhdr->idfrom; if (pnmhdr->code == ttn_needtexta && (pttta->uflags & ttf_idishwnd) || pnmhdr->code == ttn_needtextw && (ptttw->uflags & ttf_idishwnd)) { // idfrom hwnd of tool nid = ::getdlgctrlid((hwnd)nid); } //m_errprojaccel[ch] contains 1 or more error messages each...
Read more

asp.net - In javascript how to find the height and width -

-
i having .aspx , masterpage page. in masterpage loading aspx page . in aspx page design using generating table structure using code-behind server in javascript how find height , width . regards, kumar if you're looking table height , width, should it var tbl = document.getelementbyid('tbldemo'); alert(tbl.offsetwidth + '\n' + tbl.offsetheight);
Read more

c# - DataTable to EnumerableRowCollection -

-
i have datatable according client requirement can contain invalid date "00/00/1999",null,empty string.(typed datset) when collect them enumerables wish convert of invalid forms empty string. (i.e) enumerablerowcollection<datarow> query = order in _table.asenumerable() select new { orderdate= string.isnullorempty(convert.tostring(order.field<datetime>("orderdate")) || (how check date invalid date) ? string.empty : order.field<datetime>("orderdate") } how check whether date valid date or not? datetime.tryparse...like given current code: datetime date; enumerablerowcollection<datarow> query = order in _table.asenumerable() select new { orderdate= string.isnullorempty(convert.tostring(order.field<datetime>("orderdate")) || !datetime.tryparse(convert.tostring(order.field<datetime...
Read more