What are the chances of my site being brute-force attacked from more than one computer?

Question

To make sure my idea of a brute-force attack is correct, what I mean is someone or a bot attempting many passwords in order to try and log in to my site.
And I’ve heard I shouldn’t code my own defense against this sort of thing, but why? I thought it might simply be a matter of adding some columns to my users table such as time of last failed login and number of failed logins, and check those whenever a login is attempted. What could go wrong with that?
If I shouldn’t code my own defense, what is the alternative please? I’m using Laravel and Laravel Throttle (https://github.com/GrahamCampbell/Laravel-Throttle) has been recommended, but I don’t think it would protect against attacks from more than one computer.

Ricky Catron · Accepted Answer

There is no reason not to code your own defense. Simply don't do the WHOLE thing yourself such as hashs or encryption. Here (http://stackoverflow.com/questions/424210/preventing-brute-force-logins-on-websites) is a good stackoverflow question discussing ways to prevent a BotNet or DDos attack.
Your idea is one of the ones suggested. Personally I have never needed something like this but a site with a large audience and important information might.
Chances of this happening go up exponentially with the value of your site. I assume Twitter and Facebook defend against them every once in a while but a local mom and pops shop might never see one.
Goodluck!
--Ricky

Welcome to the Treehouse Community

Looking to learn something new?

Jenny Swift

Jenny Swift

What are the chances of my site being brute-force attacked from more than one computer?

1 Answer

Ricky Catron

Ricky Catron

Jenny Swift

Jenny Swift