Hello, Recently one visitor to my web site kept on trying different logins/passwords so that he could login.Its not a community site also its less than a week old and the login is concealed for the average web user so i would classify this incident as a malicious one. Since then i modified the code so that each visitor sees his IP address as a measure of determent for the less determined ill mannered visitors. I would like to ask your opinion on this as my experience is limited regarding this matter. Would you consider seeing your ip on the web page as an invasion of your privacy? If the IP was less conspicuous would it make a difference to you? Would you be less inclined to visit again this site? I am just starting now and i would not want to ruin everything from such a trivial thing. Please share any suggestions on how to deter those bad visitors. Thank you.
Most large companies display your IP just to show potential trouble makers they're being logged. I think most people are use to it. If they aren't they need to get use to it.
It's not an invasion of their privacy to show the person their own IP. Most people are probably aware that as soon as they hit a site, their IP is logged in one way or another. Now the question is this: Do they care? I'd say no, people don't seem to be able to get in trouble online no matter what. I've been dealing with this myself as of late and no one will help me and I have a lot of info. Little good it did. I'd say you're wasting your time showing them their IP. If they want to do something they're going to do it. Can't seem to deter bad visitors. It's just something you have to deal with on the net, as in life.
If they actually know what they are doing, the ip address that you can get is probably not really theirs anyway.
Thanks for your replies. It is clear that if someone wants to harm you he will do it and you will never know what happened.What i am more concerned for, is the teenagers who become aware of a script vulnerability and want to try it out at the first site they see.Good point from TiGG that this method is used by many large companies but also its right that the perpetrators dont care whether we know them or not since its difficult to enforce the law. So it seems I will hide the login page further and better and print the IP address and dns of the visitor on this page only along with relevant "intimidating" text. I would greatly appreciate it if any other experienced webmaster/web designer could offer his view on this matter.
Maybe you'd be interested in looking into and investing in SiteFirewall. More Info: http://www.hotscripts.com/Detailed/47419.html Website: http://coralpalms.com/software/site-firewall-pro.html $19.99
Somebody poking at your site is an every day reality, so you might as well get used to it. Hiding pages is never a good practice - hackers use a technique called forceful browsing to figure out hidden URLs. They have databases of hundreds and hundreds of possible page names and run automated tools to go through all possible combinations quite quickly. You should definitely show people their IP address. Moreover, you should force the login page to work only if the user is connected over SSL. If anybody connects over a non-encrypted connection, redirect them to the secure page. Some companies offer greater security by notifying users that a successful login attempt was from a certain IP address (if you don't deal with financial data, it's probably an overkill for you). Some companies actually restrict all requests from a logged on user to a particular IP address range, making it impossible for someone who eavesdropped on the connection to impersonate the user from another machine. Another thing you should do is to implement a lock-out policy. If somebody tried to login from the same IP address more than N times, you can reject any requests from this IP address for, say, 15-30 minutes. This usually is enough to force the attacker to look for an easier prey. J.D.