Prevent brute force attacks

Check to see if the login was successful. you can apply your own variable here. Obviously all variable names

<cfif [login successful...]>
	Do something since you've successfully logged in.
<cfelse>
	<cfparam name="session.FailedLogin" default="0" >
	<cfset session.FailedLogin = session.FailedLogin+1>
	<cfif session.FailedLogin gt 10>
		<cfabort>
	</cfif>
	<cfset createObject("java", "java.lang.Thread").sleep(JavaCast("int", session.FailedLogin*500))>
</cfif>
Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s