I have the following requirements:
1. System shall display Captcha after 3 failed login tries
2. System shall ban the IP for 24 hours after 9 failed tries
I am thinking to do in following steps:
1- put IP into session
2- count tries for that IP
3- when tries++=3 then show captcha
4- if tries++=9 then ban IP for 24 hours
I can do first 3 steps but how can I ban IP for 24 hours? may I insert into a db table or is there any other solution?
Nicola Garofalo wrote:Yes, you could.
You could insert the time of the ninth login attempt in a db table.
Everytime the same ip tries to login, you compute the difference between the login time and the time you stored in your db table.
If this difference is 24 hours or more you allow the login.
Thanks a lot. Appreciated