How do I make a 401 trap?

[lassiter]

Hi -

As a paysite owner, I often get surfers attempting random username/password combinations to try to get access to my members areas. They end up on a generic 401 "unauthorized user" error page.

I'd like to have something else come up for that 401 instead - a hub page, an FPA, etc. How do I set up a file or files to do that? It's clearly not as simple as just naming a page "401.html" since I've tried that already. |badidea|

Thanks!

[DangerDave]

Don't "TRAP" them... remember half of them are your own members entering their PW incorrectly..

Give them a nice page that says they made a mistake.. or they need to signup for full access..

Create a page called 401.html

In your htaccess put


ErrorDocument 401 /401.html


Test it.. and your done

DD

[lassiter]

Quote:

Originally posted by DangerDave
Don't "TRAP" them... remember half of them are your own members entering their PW incorrectly..

I've inspected my error logs repeatedly over the past year, and not even counting the automated distributed brute-force hacking attempts, I'd say about 98 out of 100 are not my users making mistakes, but people seeing if any given user/pass combo will magically work to unlock the gates of paradise.

You certainly bring up a very good point though - no sense pissing off any paying customers. I'll make a page with a polite suggestion to check their typing and try again, but give a whole bunch of links to other sites/sponsors/FPAs as well.

Thank you, DangerDave!

[Cleo]

What DD said about your 401 page.

If it is hacking that is a problem then have Strongbox installed. I just did on the site that I'm managing and it instantly put an end to this bullshit.

[DangerDave]

.

The "take-home message"

Quote:

it instantly put an end to this bullshit.

Without question StrongBox rocks...

Now where is that Wm affiliate program...? Ray?!

DD