Welcome to MobyThreads.com!
FAQFAQ      ProfileProfile    Private MessagesPrivate Messages   Log inLog in
All support for the MobyThreads Threaded phpBB MOD can now be found on welsolutions at this forum

how to stop the password tries in the .htaccess protected ..

  
   Web Hosting and Web Master Forums (Home) -> Apache RSS
Next:  https and user login, need help  
Author Message
huizhang66

External


Since: Nov 16, 2003
Posts: 1



(Msg. 1) Posted: Sun Nov 16, 2003 7:50 pm
Post subject: how to stop the password tries in the .htaccess protected folder?
Archived from groups: alt>apache>configuration (more info?)
To improve the security and stop the password tries in the .htaccess
protected folder, HOW can I disable a .htpasswd user if in a short time,
this user's password has been typed in wrong for 10 times?

 >> Stay informed about: how to stop the password tries in the .htaccess protected .. 
Back to top
Login to vote
nospamrossz

External


Since: Jul 10, 2003
Posts: 12



(Msg. 2) Posted: Mon Nov 17, 2003 1:27 am
Post subject: Re: how to stop the password tries in the .htaccess protected folder? [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)
"hui zhang" <huizhang66.RemoveThis@hotmail.com> wrote in
news:CVNtb.404270$6C4.210905@pd7tw1no:

 > To improve the security and stop the password tries in the .htaccess
 > protected folder, HOW can I disable a .htpasswd user if in a short time,
 > this user's password has been typed in wrong for 10 times?

Assuming you are using the built in password crap, nope, nothing you can
do. Well, you could possibly implement some sort of cron job that scans
your apache error file and tries to catch this sort of thing, but it would
be a very ugly kludge at best.

I highly recommend switching to some other system for password protection.
There are several PHP packages that do authentication against a mysql
database and could be easily modified to do a timed lock on an account
after too many failed attempts.



--
Rossz

Remove 'NOSPAM' from my email address to reply directly<!-- ~MESSAGE_AFTER~ -->

 >> Stay informed about: how to stop the password tries in the .htaccess protected .. 
Back to top
Login to vote
jring

External


Since: Jun 30, 2003
Posts: 154



(Msg. 3) Posted: Mon Nov 17, 2003 3:16 pm
Post subject: Re: how to stop the password tries in the .htaccess protected folder? [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)
  > > To improve the security and stop the password tries in the .htaccess
  > > protected folder, HOW can I disable a .htpasswd user if in a short time,
  > > this user's password has been typed in wrong for 10 times?
 >
 > Assuming you are using the built in password crap, nope, nothing you can
 > do. Well, you could possibly implement some sort of cron job that scans
 > your apache error file and tries to catch this sort of thing, but it would
 > be a very ugly kludge at best.

will it work at all? i'm not shure wether you see a user field in the
logs when password is wrong...

joachim<!-- ~MESSAGE_AFTER~ -->
 >> Stay informed about: how to stop the password tries in the .htaccess protected .. 
Back to top
Login to vote
nospamrossz

External


Since: Jul 10, 2003
Posts: 12



(Msg. 4) Posted: Thu Nov 20, 2003 6:45 am
Post subject: Re: how to stop the password tries in the .htaccess protected folder? [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)
jring DeleteThis @web.de (Joachim Ring) wrote in
news:3ae246c1.0311171216.e99d953@posting.google.com:

   >> > To improve the security and stop the password tries in the .htaccess
   >> > protected folder, HOW can I disable a .htpasswd user if in a short
   >> > time, this user's password has been typed in wrong for 10 times?
  >>
  >> Assuming you are using the built in password crap, nope, nothing you
  >> can do. Well, you could possibly implement some sort of cron job that
  >> scans your apache error file and tries to catch this sort of thing,
  >> but it would be a very ugly kludge at best.
 >
 > will it work at all? i'm not shure wether you see a user field in the
 > logs when password is wrong...

good point. I don't think there's anything you can do, not even an ugly
kludge. Switch to something like php-auth if at all possible.



--
Rossz

Remove 'NOSPAM' from my email address to reply directly<!-- ~MESSAGE_AFTER~ -->
 >> Stay informed about: how to stop the password tries in the .htaccess protected .. 
Back to top
Login to vote
Display posts from previous:   
Related Topics:
Problem with access to password protected area - I have a directory selected with a .htaccess file in it. The following is the contents of the file AuthType Basic AuthName "Restricted Directory" AuthUserFile /usr/local/etc-http/.htpasswd Require valid-user I ...

Some newbie questions regarding using .htaccess for passwo.. - Apologies if this is the wrong group for this, I tried searching dejanews but was unable to narrow my search down enough to get anything useful. The scenario: Local soccer team wants a password protected directory on their site, we have found a host/ISP...

password protection (.htaccess) and streaming mp3's - Hey folks, just for the record this work in winamp. I have an apache web server with an mp3 link that is password protected. After authorization you can see the mp3's. Click on a link and the little web engine I'm using (Zina) automagically creates a..

Excluding a single file from .htaccess password protection? - Hi, I've added .htaccess password protection to my web site for various reasons. However, I think it would be nice to have a welcome page that's accessible to everyone. Is there any way to exclude a single file (ie, index.html) from being protected...

Win2k pro, apache 2.0, php - downloads php files, how do i.. - I've searched groups for this topic and found many results that didn't work in my configuration. I'm using: Windows 2000 pro Apache 2.0.43 (distributed with indigoperl 2003(latest version)) PHP 4.2.3 (distributed with above distrbution) Apache works..
   Web Hosting and Web Master Forums (Home) -> Apache All times are: Pacific Time (US & Canada) (change)
Page 1 of 1

 
 You can post new topics in this forum
You can reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum



[ Contact us | Terms of Service/Privacy Policy ]