reCaptcha after 5 times login failure

  

Hello mates,

I'm developing a task that shows reCAPTCHA after 5 login failures.
Where can I count the failures while the user is not logged in yet?

Thanks in advance,
Best regards 

Hi Mohamed,

There are different ways to hold the count value. One way is to create a table, let's say "User Login Attempt", with the attributes UserID, LoginDateTime and LoginAttemptNo, where you can check the login count per user. If the login count > 5, then show the reCAPTCHA.

Hope this will help you.

Thanks,

-HM-




Hi Hitesh,

Thanks for your reply. I may not have explained it very well, but here I want to count the login failures, which means he does not have a UserID, username or password; he is a bot or someone trying to guess passwords.

Thanks,

Best Regards

Hi Mohamed,

By default (Users provider), if you try to log in a few times (four or five, if I'm not mistaken) with a correct user but a wrong password, the user will be blocked for 60 minutes.

Is this not enough?

Cheers,
Eduardo Jauch

Hi Eduardo, 

Thanks Eduardo, this is the second time you have responded to my questions. Yeah, it's not enough for the client; he needs reCAPTCHA. I've made it using a session as a counter, but I don't like the approach; it's not good for development and attacks.

Thanks Eduardo,
Best Regards 

Hi Mohamed,

The Users eSpace (if you are using it as Users Provider), has a LoginAttempt entity. Unfortunately it is not public.

You can try something like this:

Create a similar entity.
In the Login page, when the user presses the Login button, in the screen action, before the login action is called, you find the UserId (by the user login that was provided) in the User entity and look in your LoginAttempt entity to see if you should show the captcha, and if yes (last X logins failed) you show the captcha.
After the user types the captcha, or if it is not necessary yet, save a record for that user with a status of Failed. If the login is successful, after the login, you change the status to successful login.

This way you can control when the captcha should be shown.

Cheers,
Eduardo Jauch
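
An added example, not part of the thread and not OutSystems code: a Python sketch of the attempt-entity flow described in the reply above, generalised to key on the submitted login name instead of a UserId so that failures against unknown usernames are counted too. The names `LoginAttemptStore`, `captcha_required` and `record`, the in-memory store, the one-hour window and the extra per-IP key are all assumptions made for illustration.

```python
import time
from collections import defaultdict, deque

THRESHOLD = 5          # failures before the CAPTCHA is shown (the thread's number)
WINDOW_SECONDS = 3600  # assumption: only failures from the last hour count


class LoginAttemptStore:
    """Server-side stand-in for a LoginAttempt entity (hypothetical, in memory)."""

    def __init__(self, clock=time.time):
        self._clock = clock
        self._failures = defaultdict(deque)  # key -> timestamps of failed logins

    @staticmethod
    def _keys(login_name, client_ip):
        # Keyed on what the client submitted, so it works before any user is
        # known and does not depend on a session cookie the client can drop.
        # The per-IP key (assumption) catches one source trying many usernames.
        return ("user:" + login_name.strip().lower(), "ip:" + client_ip)

    def _recent(self, key):
        failures = self._failures.get(key, deque())
        cutoff = self._clock() - WINDOW_SECONDS
        while failures and failures[0] < cutoff:
            failures.popleft()  # forget failures older than the window
        return len(failures)

    def captcha_required(self, login_name, client_ip):
        """Call before the login action; True once either key reached THRESHOLD."""
        return any(self._recent(k) >= THRESHOLD
                   for k in self._keys(login_name, client_ip))

    def record(self, login_name, client_ip, success):
        """Call after the login action with its outcome."""
        user_key, ip_key = self._keys(login_name, client_ip)
        if success:
            # Reset the account counter only: one valid login must not clear
            # the counter of an IP that is also guessing at other accounts.
            self._failures.pop(user_key, None)
        else:
            now = self._clock()
            self._failures[user_key].append(now)
            self._failures[ip_key].append(now)
```
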

Thanks Eduardo,
     
I developed it with a session counter. I know it's not the best solution, but I had no time to find another.

Now I found a function in Users eSpace called 'User_GetLastFailedLoginAttempts' which returns the last login fails for a user. I will try it when I have time; I don't know if it will work only for a correct username or for a session counter.


Best Regards,
Mohamed AlMokadem

Hello Mohamed,

I didn't remember this API (never used it, really). Sorry.
I took a look at the documentation, and it seems that it will suit your needs:

https://success.outsystems.com/Documentation/10/Reference/OutSystems_APIs/Users_API#User_GetLastFailedLoginAttempts

https://success.outsystems.com/Documentation/10/Reference/OutSystems_APIs/Users_API#LoginAttemptPublic

Cheers,
Eduardo Jauch