I have a site running Classic-ASP and on the login page I would like to delay the response to a failed login attempt (by like 10 seconds) to help prevent brute force attacks on accounts.
Quick google searches show some hacks using SQL server queries that seem hack-tastic.
Is there a good way to do this in classic asp?
You can use :
<html>
<head>
<title>Sleep</title>
</head>
<body>
<%
function Sleep(seconds)
set oShell = CreateObject("Wscript.Shell")
cmd = "%COMSPEC% /c timeout " & seconds & " /nobreak"
oShell.Run cmd,0,1
End function
Sleep(5)
response.write("End")
%>
</body>
</html>
There is no simple way to do so in pure ASP.
Either SQL WAITFOR, or create simple ActiveX component in VB (or anything) that sleeps.
Note that this will increase load on the server. Sleeping requests keep memory and connections consumed for nothing.
I am not going to answer your specific question, as many have already done so, but there are far better ways of preventing brute force attacks.
For instance:
Response.End
.Just saying there are other options than putting unnecessary load on your server by locking some resources and waiting.
Obviously, doing this at the hardware layer - firewalls etc. would be the preferred option.
There is the WScript.Sleep method for general purpose VBScript, however, this won't work in the context of ASP.
There are a number of other mechanisms you can use to achieve this, however, they're all effectively "workarounds" as there's no built-in way to cleanly cause an ASP page (running VBScript) to pause itself.
See here:
How do I make my ASP page pause or 'sleep'?
To specifically answer your question of:
Is there a good way to do this in classic asp?
No. There's no good way to do this, and there's only the "hack-tastic" hacks that can be used, however they bring with them all sorts of side-effects and caveats. (See the last part of the "How do I make my ASP page pause or 'sleep'?" link for a specific memory eating, page faulting nasty side-effect.)
There is another approach, but keep in mind the aforementioned caveats about unessecarily consumed resources. Here is an approach though
Sub DelayResponse(numberOfseconds)
Dim WshShell
Set WshShell=Server.CreateObject("WScript.Shell")
WshShell.Run "waitfor /T " & numberOfSecond & "SignalThatWontHappen", , True
End Sub
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With