nsilver7
commented
11 years ago Not sure local storage would work well. Does have the advantage of better persistence but there's no guarantee that the bad guy is using a local storage browser. In fact its probably more likely that bots and random scanners would be hitting the site, in which case there might be no browser at all. On May 18, 2013 3:05 PM, "Matt Johansen" notifications@github.com wrote:
IP address is great and all but not good enough to persistently track and profile an attacker.
One idea: Set a cookie once an attack is flagged, this will add a further view into the particular browser doing the evilness. Issue: Not very persistent. Easily detected, blocked, and removed on the client side.
Better idea? Some sort of persistent tokenization would be more effective in this regard. Localstorage? Would outlive browser/machine restart and cookie/cache clearing.
Once tracked, an attacker can be given a unique identifier for the dashboard and all attempted attacks chronicled. "ASP.NET Config file accessed", "Brute Force attempt", "Hidden Form Param Manip" etc. Whatever booby traps triggered with level of complexity.
— Reply to this email directly or view it on GitHubhttps://github.com/ViceTech/Vice/issues/12 .
mattjay
IP address is great and all but not good enough to persistently track and profile an attacker.
One idea:
Set a cookie once an attack is flagged, this will add a further view into the particular browser doing the evilness. Issue: Not very persistent. Easily detected, blocked, and removed on the client side.
Better idea?
Some sort of persistent tokenization would be more effective in this regard. Localstorage? Would outlive browser/machine restart and cookie/cache clearing.
Once tracked, an attacker can be given a unique identifier for the dashboard and all attempted attacks chronicled. "ASP.NET Config file accessed", "Brute Force attempt", "Hidden Form Param Manip" etc. Whatever booby traps triggered with level of complexity.