Show After 3 Failed Attempts

Discussion in 'PHP' started by oo7ml, Nov 20, 2012.

  1. #1
    Hi, I have noticed that Twitter and Facebook both have a good system in place on some of their forms.

    For example, if a user fails to enter their correct details into the Sign In Form 3-4 times, a reCaptcha shows.

    I also noticed that the reCaptcha shows on the Sign Up Form after it detects suspicious activity...

    Can anyone think how they might have implemented this system, as I really don't want to display a reCaptcha form by default... I would rather only display it if there was suspicious activity.

    (Please do not respond saying that captchas are a waste of time etc... I am simply only interested in finding out how Twitter and Facebook are implementing captchas when they detect something suspicious :)

    Thanks in advance for your help...
     
    oo7ml, Nov 20, 2012
  2. NetStar

    NetStar Notable Member
    #2
    The simplest way is to track activity via a cookie. Store a random id in a cookie. Use the id to look up the info in your database. Keep track of how many incorrect logins occur in a single day. Then display the captcha.
     
    NetStar, Nov 20, 2012
  3. oo7ml

    oo7ml Well-Known Member
    #3
    Thanks, I was thinking of doing the following:

    When validating the sign-up form, check to see if an account has been created from the same IP address within the last minute (or less)… if it has, fail the validation and display a captcha.
     
    oo7ml, Nov 20, 2012
  4. stephan2307

    stephan2307 Well-Known Member
    #4
    It looks like you are trying to stop bots from signing up. It is not uncommon for bots to have delays built in so that it is more difficult to get caught. Also, your way would have another big issue. If your website is, for example, being used by students when they are at uni, suddenly you have multiple people with the same IP using your site, so you might penalise them all (if loads of them would sign up at the same time).
     
    stephan2307, Nov 20, 2012
  5. oo7ml

    oo7ml Well-Known Member
    #5
    Ok, thanks... what you said makes perfect sense... so how would you implement a similar system to stop bots signing up...
     
    oo7ml, Nov 20, 2012
  6. NetStar

    NetStar Notable Member
    #6
    Just like I said... store an ID in a cookie. Keep track of the sensitive data via a database.
     
    NetStar, Nov 20, 2012
  7. Rukbat

    Rukbat Well-Known Member
    #7
    Or just keep a count in the cookie. If the user signs in successfully on the second or third attempt, delete the cookie. If they complete the captcha, delete the cookie. If the count in the cookie exceeds what you want, take the appropriate action (which may or may not include deleting the cookie - that depends on what you want to do).
     
    Rukbat, Nov 22, 2012
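
The approach from post #2 (random id in a cookie, failure count kept in a database), written out as an added example that is not code from any poster in this thread. The table name, cookie name, function names, threshold of 3 and the in-memory SQLite store are assumptions chosen so the script runs on its own.

```php
<?php
// Added example: server-side failure counter keyed by a random cookie id.
// Names, threshold and storage are assumptions, not taken from the thread.
const MAX_FAILURES = 3;        // show the captcha once this many failures are stored
const WINDOW_SECONDS = 86400;  // count failures within "a single day"

function openStore(): PDO {
    $db = new PDO('sqlite::memory:');   // in-memory DB so the example runs offline
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE login_failures (tracker TEXT NOT NULL, failed_at INTEGER NOT NULL)');
    return $db;
}

// Reuse the id from the cookie if it is well-formed, otherwise mint an unguessable one.
function trackerId(array $cookies): string {
    $id = $cookies['login_tracker'] ?? '';
    return preg_match('/\A[0-9a-f]{32}\z/', $id) ? $id : bin2hex(random_bytes(16));
}

function recordFailure(PDO $db, string $tracker, int $now): void {
    $db->prepare('INSERT INTO login_failures (tracker, failed_at) VALUES (?, ?)')
       ->execute([$tracker, $now]);
}

// Called after a successful sign-in or a solved captcha.
function clearFailures(PDO $db, string $tracker): void {
    $db->prepare('DELETE FROM login_failures WHERE tracker = ?')->execute([$tracker]);
}

function captchaRequired(PDO $db, string $tracker, int $now): bool {
    $q = $db->prepare('SELECT COUNT(*) FROM login_failures WHERE tracker = ? AND failed_at > ?');
    $q->execute([$tracker, $now - WINDOW_SECONDS]);
    return (int) $q->fetchColumn() >= MAX_FAILURES;
}

// Constructed walk-through: three bad passwords, then a successful sign-in.
$db  = openStore();
$id  = trackerId([]);           // first visit: no cookie sent yet
// In a real handler, send it back with:
// setcookie('login_tracker', $id, ['httponly' => true, 'secure' => true, 'samesite' => 'Lax']);
$now = time();
foreach ([1, 2, 3] as $attempt) {
    recordFailure($db, $id, $now);
    printf("after failure %d: captcha=%s\n", $attempt, var_export(captchaRequired($db, $id, $now), true));
}
clearFailures($db, $id);
printf("after success: captcha=%s\n", var_export(captchaRequired($db, $id, $now), true));
```

Because the count lives in the database, editing the cookie cannot lower it, but a client that never returns the cookie gets a fresh id on every request. The same functions accept any string key, so the attempted username can be recorded as a second tracker to cover that case.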