brute-force Archives

Block brute force attacks on SQL Server, block IP addresses in Windows Firewall using PowerShell

This PowerShell solution blocks IP addresses that are trying to brute force your SQL Server logins, by blocking IP addresses in Windows Defender Firewall with Advanced Security, using PowerShell. You can use this to create your own solution to block offending IP addresses in SQL Server's firewall.

By Jan Reilink 20/09/2021Windows Server

Web application security

Cracking PHP rand()

Webapps occasionaly need to create tokens that are hard to guess. For example for session tokens or CSRF tokens, or in forgot password functionality where you get a token mailed to reset your password. These tokens should be cryptographically secure, but are often made by calling rand() multiple times and transforming the output to a string. This post will explore how hard it is to predict a token made with rand().

By Jan Reilink 15/02/2016Web application security

Web application security

Add a delay to your WordPress login form

This plugin adds a three second delay when logging into WordPress. This slows down brute-force attacks on your website. However, it is not recommended to use sleep(), because a heavy brute-force attack will let all those POST requests sleep for the given amount of time.

By Jan Reilink 10/07/2015Web application security