limit registeration [message #7948] |
Wed, 01 January 2003 17:16 |
Stan
Messages: 15 Registered: May 2002
Karma: 0
|
Junior Member |
|
|
My board was attacked the other day, and he was registering 3 times a second.It brought the database down to it's knees.I disabled registration and he then switched to asking for a password reminder.
The script he was using would use a different proxy and name/email for each post.
What about a optional feature that would limit the time between each request and limit the reminders to one per day ? or maybe a proxy ban feature ?
Stan
|
|
|
Re: limit registeration [message #7972 is a reply to message #7948] |
Fri, 03 January 2003 16:35 |
Ilia
Messages: 13241 Registered: January 2002
Karma: 0
|
Senior Member Administrator Core Developer |
|
|
It is nearly impossible to ban proxies since anonymous proxies appear identical to the a regular user. Your best bet is to block this user by IP using your firewall. Eventually he will run out of proxies, if he using a particular ISP's for his email, bad all registration from that e-mail address using the email filter feature of the forum.
FUDforum Core Developer
|
|
|
Re: limit registeration [message #8149 is a reply to message #7948] |
Mon, 13 January 2003 16:43 |
AutoHost
Messages: 99 Registered: October 2002
Karma: 0
|
Member |
|
|
Stan wrote on Wed, 01 January 2003 12:16 |
What about a optional feature that would limit the time between each request and limit the reminders to one per day ?
Stan
|
I would like to see both of these incorporated, as it is a proactive approach rather than just reactive. It seems to be a great way to limit the speed of attacks in advance rather than just trying to deal with them after the fact or during an attack.
You already have a 60 second limit between posts, which I guess was put into place in response to an attack.
Ron Miller
Stars! AutoHost
|
|
|
Re: limit registeration [message #8155 is a reply to message #8149] |
Mon, 13 January 2003 17:01 |
Ilia
Messages: 13241 Registered: January 2002
Karma: 0
|
Senior Member Administrator Core Developer |
|
|
Hmm interesting idea, certainly worth considering, I'll look into adding a registration time limiter.
FUDforum Core Developer
|
|
|