Geek Answers Handbook

Detecting people using login / account information for website

I have a website that contains a secure area, accessible by logging in with account information. In a secure area, I have an expensive IP. I found that people share their passwords with other people. Are there any existing technologies / solutions / methods that I can implement to detect fraudulent patterns?

Thanks in advance for your help.

+7
source share
3 answers

  • check the geographic region. If for some time several logins from regions located geographically far from each other are registered, then you know that these credentials have been separated.

    Entrance to the system from New York on Friday morning, entry to China on Friday evening

  • Bandwitdh consumption: if your site offers a lot of content, if the user goes over some high limit, this means that his credentials have been shared.

    maximum bandwidth 5 MB / s; then in one day 60 * 60 * 24 * 5 MB - your upper limit per day per user

  • keep a counter of live sessions so you can see how many people are logging in at the same time. This is inaccurate because the same person can log in through multiple browsers from the same IP address and have a session for each of them.

    if they have 100 sessions (4 times / hour), which may seem like more than one person if your site does not expect this behavior

+5
source

There are several ways to approach this. But it really will come down to the type of content and how often this user really captures new content. For adult sites, obviously, the main purpose of logging in is to download new content. I am not sure about your site.

One way and perhaps the easiest is to simply limit the number of simultaneous downloads and / or speed limit of each download.

If the files are large enough, you can impose a speed limit on the data transfer rate. Choose something that is a little slow but not so slow as to make people go crazy. I would suggest that 30 seconds to download a file is not so bad.

Then allow them to upload only 1 or 2 documents for each login ID. People will be slightly less likely to share their password if they know that they may not be able to download something because someone else.

Another approach would be to capture an IP address when a user logs in. Yes, I know this change, but it gives you a starting point. If several users are active with the same login ID but with different IP addresses, you can either send them a warning that their account has been “hacked”;), and that you are changing the password. Change it, delete everyone and send the password to the email address that you have in the file.

Remember that you do not want the user to not access him from work, and then return home and gain access to it. Thus, you must make sure that they are essentially online at the same time. This means receiving requests from different IP addresses within a minute or two from each other.

A twist on this will be to determine if multiple session identifiers are associated with the same name. For example, when logging in, save the current session ID in a table. After logging out or reaching a timeout, clear this session ID.

Do not let them log in again while another session identifier is active. Let them know that they must wait xx minutes until the session is cleared or that another user is currently logged into their account.

Ask them if they want to reset the session. This allows a situation where someone accidentally closes the browser and returns to your site. If they chose yes, stop the current session, change the password, and send it to the email address in the file.

I guarantee that this last one will make people stop sharing their passwords. After all, if I cannot log in because someone I gave my password to is currently online, then this is a sore point that I want to stop. Also, if I am the one who borrowed the password and simply locked because the password has changed, I will either get my own account or work in another place: both of which are usually acceptable situations.

+3
source

This is a pretty tricky problem:
If your users change their location several times a day, their IP address will change, but he is still the same person.
If your user has the same place during the day, but connects several times, he can be a very good friend, say, in an Internet cafe.

You will need to use a combination of these: if the user often changes the IP address, go and check the map location of this IP address and see if you can move the distance between the two connections. If this is not the case, it is a scam.

0
source

More articles:


All Articles