https://www.webmaster-forums.net/crss/node/1015213 en https://www.webmaster-forums.net/serverside-scripting/blocking-computer#comment-1088232 <p>Good idea.. However people likes to ruin it for others! They wouyld simply start disabling each others accounts <img src="https://www.webmaster-forums.net/misc/smileys/sad.png" title="Sad" alt="Sad" class="smiley-content" /></p> <p>The IP blocking might be the best as of now...</p> <p>Thanks for your help everyone!!</p> <p>~casper</p> Wed, 29 Aug 2001 14:57:16 +0000 hotcut comment 1088232 at https://www.webmaster-forums.net https://www.webmaster-forums.net/serverside-scripting/blocking-computer#comment-1088230 <p>Why don't you just disallow any attempts to log in with that particular username after, say, 6 attempts or so... don't even bother checking where they're from.. just don't let anybody log in with that username for an hour or something. Maybe you could log whatever information about the attempted login that you can get so you can try and find patterns and track whoever is doing that stuff... </p> <p>just some thoughts!</p> Wed, 29 Aug 2001 13:59:33 +0000 lurch comment 1088230 at https://www.webmaster-forums.net https://www.webmaster-forums.net/serverside-scripting/blocking-computer#comment-1087775 <p>I don't really see any way around this unless you do one of the following:</p> <p>1) Setup a client certificate that is required to login.<br /> 2) Make your login page use a client-side active-x control.</p> <p>The MAC/Physical address is not available in the Server Variables.</p> <p>Your best bet is just to make it as much of a pain to hack as possible. Use hidden form fields, and only give them 3 or so attempts.</p> Wed, 22 Aug 2001 20:29:29 +0000 Peter J. Boettcher comment 1087775 at https://www.webmaster-forums.net https://www.webmaster-forums.net/serverside-scripting/blocking-computer#comment-1087771 <p>Yes, I see your point...</p> <p>My entire site relies on sessions, and therefore also cookies... The problem is that any real hacker will easily be able to simply delete those cookies!</p> <p>Banning the IP aint good either... If someone for instance tryes to hack an account from a school, I would be blocking that whole complex for 30 minnutes <img src="https://www.webmaster-forums.net/misc/smileys/sad.png" title="Sad" alt="Sad" class="smiley-content" /></p> <p>I believe that as of this cookies is the best thing... However, isn't there a better way? Hasn't every computer gotten other ways of being found than using the IP?<br /> Again... I have heard a lot of this mac-addy... is that by any´chance something you know anything about?</p> <p>Thanks for your help thus far <img src="https://www.webmaster-forums.net/misc/smileys/smile.png" title="Smiling" alt="Smiling" class="smiley-content" /></p> <p>VCasper</p> Wed, 22 Aug 2001 19:55:35 +0000 hotcut comment 1087771 at https://www.webmaster-forums.net https://www.webmaster-forums.net/serverside-scripting/blocking-computer#comment-1087769 <p>If you can force people to use cookies then I would use Sessions.</p> <p>Add a counter on the Session_OnStart, example:</p> <p>Sub Session_OnStart<br /> Session("LoginCounter") = 0<br /> End Sub</p> <p>In your login handler page just increment as needed:</p> <p>If Login = false Then Session("LoginCounter") = Session("LoginCounter") + 1</p> <p>Then just build in the logic in the login form to deny any attepmts after a certain number:</p> <p>If Session("LoginCounter") &lt; 5 Then<br /> Display Login form<br /> Else<br /> Response.Write "Exceeded valid login attempts"<br /> End If</p> <p>You could also record the IP number and disable it for 30 minutes or something, would make it more of a pain for the hackers since they would have to use a new IP for at least 30 minutes.</p> <p>If you can't force cookies then maybe use hidden form fields and increment them as necessary.</p> <p>You can't rely on IP since any serious hacker can spoof.</p> Wed, 22 Aug 2001 19:52:05 +0000 Peter J. Boettcher comment 1087769 at https://www.webmaster-forums.net