如何在Classic ASP中延迟响应 [英] How to delay a response in Classic ASP
问题描述
我有一个运行Classic-ASP的网站,并且在登录页面上,我希望延迟对登录尝试失败的响应(大约10秒钟),以帮助防止对帐户的暴力攻击.
I have a site running Classic-ASP and on the login page I would like to delay the response to a failed login attempt (by like 10 seconds) to help prevent brute force attacks on accounts.
快速的Google搜索显示了一些使用骇客行为的SQL Server查询的骇客行为.
Quick google searches show some hacks using SQL server queries that seem hack-tastic.
在经典的ASP中,有什么好方法吗?
Is there a good way to do this in classic asp?
推荐答案
我不会回答您的特定问题,因为许多人已经这样做了,但是有更好的方法来防止暴力攻击.
I am not going to answer your specific question, as many have already done so, but there are far better ways of preventing brute force attacks.
例如:
- 为什么在尝试登录失败5次(此处很慷慨)后,不锁定特定的会话或IP地址?您可以将其锁定10分钟.您甚至可以编写"401未经授权"的HTTP状态,然后仅用
Response.End
结束响应. - 以类似的方式,但甚至没有链接到失败的登录,对于特定的IP,UserAgent和其他客户端功能,您可以在Y秒内阻止对登录页面的请求X次以上-确保某种唯一"客户端
- 忽略IP地址(该地址很容易被欺骗,并且可以是代理服务器IP),并且只需检测登录尝试的自动化即可.特定用户名/电子邮件地址在Y秒内X失败的登录次数,在指定的时间段内阻止该用户名登录,并结束响应.
只是说,还有其他选择,而不是通过锁定一些资源并等待来给服务器增加不必要的负载.
Just saying there are other options than putting unnecessary load on your server by locking some resources and waiting.
显然,在硬件层执行此操作-防火墙等将是首选.
Obviously, doing this at the hardware layer - firewalls etc. would be the preferred option.
这篇关于如何在Classic ASP中延迟响应的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!