Posted by Tyno Gendo on 04/09/07 21:37

J.O. Aho wrote:
> antony wrote:
>> if in a form with login (user and pw) what is a good solution for
>> to block an dos attack;
>>
>> someone said that is not a good solution stop the ip because so other
>> normal user can to be locked also;
>
> Yes, it's true if the attack is coming from a dynamic-ip, most ISPs supply
> dynamic ones to their subscribers.
>
> If you have someone trying to DOS you, then it's better to use a temporary
> block on "firewall" level (drop all connection to it without sending replies),
> as if you let it go to websever level (in your php code), then you still get
> the same load on the system and you will give some kind of response to the
> attacker.
> When using a temporary block, users will in most cases always be able to
> login, even if they happen to get the same ip as the attacker had.
>

The original question posed was not about how to stop a DOS... the
original was how for PHP code to lock a user/pass account after 5 login
attempts have failed.

If your worrying about a DOS then firewalling is your best bet, as J.O.
Aho says, most IP's will assign dynamic IP's to each client.

However, the previous question was all about web access and PHP coding,
so my point was that if you blocked based on the REMOTE_ADDRESS from a
browser, it could be a web proxy, and blocking the web proxy from
accessing could affect _many_ users where an ISP forces HTTP through proxy.

This is different from saying you want a DOS guard, in which case you
probably want to be asking elsewhere.

[Back to original message]