Battle.net Bot Development | Password lag restriction

Author	Message	Time
laurion	I'm not sure what the name for it is, but I mean when you try too many wrong passwords in a set amount of time, you will get locked out of logging in period from that server for a set (?) amount of time..for instance, if i try to logon an account 4 times in 10 seconds, i will be banned (locked out, w/e) for 1 hour..has anyone researched this and can provide me with accurate information?	December 19, 2005, 2:39 AM
Yegg	The name for it is IP ban.	December 19, 2005, 2:52 AM
laurion	Not really, its different than an IP ban.. ::)	December 19, 2005, 3:04 AM
Networks	Does it temporarily lock the account for a set amount of time or does it just lock YOU out (being an IPBan). I'd say that's an interesting exploit to use against those that you hate. Continually locking them out of an account until it expires and then registering it yourself....I think I said to much........=P	December 19, 2005, 3:58 AM
Ringo	yep, if you try to many 0x3A/0x29's, bnet will put a lock on the account in question, and lock your IP, meaning the server just wont respond to account logons. If you changed IP, you will ntoice you get 1 shot at logging on the account, if you type in a wrong password, it then puts a logon lock on ur IP again. I think the lock on the account lasts an hour, and IP locks last 30mins, but im not 100% sure	December 19, 2005, 4:07 AM
laurion	any idea what you need to do (how many tries) to get locked? or is it just like 5 misses in a row EDIT: This is via CHAT connection, not binary!! Edit: wow, you get locked out fast..with 10 sec delays, i got fuked over after 3 tries [23:36:59] Joe:aback [23:36:59] Login incorrect. [23:37:09] Joe:abandoned [23:37:10] Login incorrect. [23:37:20] Joe:abandonment [23:37:20] Login incorrect. [23:37:30] Joe:abashed [23:39:32] 2000 NULL Ringo: switching IPs offers you 3 more fresh logons~ Okay, increased my delay to 1 minute-and still locked from that IP. I have come to the conclusion that 3 failed password attempts on 1 account via chat connection will lock that IP out of logging in for 1 hour. However, battle.net doesnt terminate the connection, just sends NULL packets every 2 minutes.	December 19, 2005, 4:08 AM
Explicit[nK]	Doesn't Battle.net just lock the account you're trying to log onto, rather than IP ban you overall?	December 19, 2005, 9:34 AM
Quarantine	I think Battle.net starts ignoring you.	December 19, 2005, 9:59 AM
LoRd	Battle.net will restrict the login of an account after 4 failed login attempts. The restriction is based on IP and usually lasts about 15 minutes on a first offence (rumored to double each time the limit is reached). In addition to locking you out of the account, the restriction limits the number of failed logins you can get on other accounts to 1. Bruteforce or dictionary-based cracking attempts will most likely fail due to these restrictions.	December 19, 2005, 11:54 AM
LordNevar	[quote author=Lord[nK] link=topic=13575.msg138428#msg138428 date=1134993247] Battle.net will restrict the login of an account after 4 failed login attempts. The restriction is based on IP and usually lasts about 15 minutes on a first offence (rumored to double each time the limit is reached). In addition to locking you out of the account, the restriction limits the number of failed logins you can get on other accounts to 1. Bruteforce or dictionary-based cracking attempts will most likely fail due to these restrictions. [/quote] This information is correct. There is no way to bypass this in any fashion as it is a server side check. This information is not stored locally.	December 19, 2005, 12:39 PM
laurion	[quote author=Lord[nK] link=topic=13575.msg138428#msg138428 date=1134993247] Battle.net will restrict the login of an account after 4 failed login attempts. The restriction is based on IP and usually lasts about 15 minutes on a first offence (rumored to double each time the limit is reached). In addition to locking you out of the account, the restriction limits the number of failed logins you can get on other accounts to 1. Bruteforce or dictionary-based cracking attempts will most likely fail due to these restrictions. [/quote] Does this apply to CHAT and Binary connections, or just CHAT?	December 19, 2005, 8:05 PM
l2k-Shadow	[quote author=Tazo link=topic=13575.msg138486#msg138486 date=1135022746] [quote author=Lord[nK] link=topic=13575.msg138428#msg138428 date=1134993247] Battle.net will restrict the login of an account after 4 failed login attempts. The restriction is based on IP and usually lasts about 15 minutes on a first offence (rumored to double each time the limit is reached). In addition to locking you out of the account, the restriction limits the number of failed logins you can get on other accounts to 1. Bruteforce or dictionary-based cracking attempts will most likely fail due to these restrictions. [/quote] Does this apply to CHAT and Binary connections, or just CHAT? [/quote] Both.	December 19, 2005, 8:44 PM

Author

Message

Time

laurion

I'm not sure what the name for it is, but I mean when you try too many wrong passwords in a set amount of time, you will get locked out of logging in period from that server for a set (?) amount of time..for instance, if i try to logon an account 4 times in 10 seconds, i will be banned (locked out, w/e) for 1 hour..has anyone researched this and can provide me with accurate information?

December 19, 2005, 2:39 AM

Yegg

The name for it is IP ban.

December 19, 2005, 2:52 AM

laurion

Not really, its different than an IP ban.. ::)

December 19, 2005, 3:04 AM

Networks

Does it temporarily lock the account for a set amount of time or does it just lock YOU out (being an IPBan). I'd say that's an interesting exploit to use against those that you hate. Continually locking them out of an account until it expires and then registering it yourself....I think I said to much........=P

December 19, 2005, 3:58 AM

Ringo

yep, if you try to many 0x3A/0x29's, bnet will put a lock on the account in question, and lock your IP, meaning the server just wont respond to account logons.
If you changed IP, you will ntoice you get 1 shot at logging on the account, if you type in a wrong password, it then puts a logon lock on ur IP again.
I think the lock on the account lasts an hour, and IP locks last 30mins, but im not 100% sure

December 19, 2005, 4:07 AM

laurion

any idea what you need to do (how many tries) to get locked? or is it just like 5 misses in a row

EDIT: This is via CHAT connection, not binary!!

Edit: wow, you get locked out fast..with 10 sec delays, i got fuked over after 3 tries

[23:36:59] Joe:aback
[23:36:59] Login incorrect.
[23:37:09] Joe:abandoned
[23:37:10] Login incorrect.
[23:37:20] Joe:abandonment
[23:37:20] Login incorrect.
[23:37:30] Joe:abashed
[23:39:32] 2000 NULL

Ringo: switching IPs offers you 3 more fresh logons~

Okay, increased my delay to 1 minute-and still locked from that IP. I have come to the conclusion that 3 failed password attempts on 1 account via chat connection will lock that IP out of logging in for 1 hour. However, battle.net doesnt terminate the connection, just sends NULL packets every 2 minutes.

December 19, 2005, 4:08 AM

Explicit[nK]

Doesn't Battle.net just lock the account you're trying to log onto, rather than IP ban you overall?

December 19, 2005, 9:34 AM

Quarantine

I think Battle.net starts ignoring you.

December 19, 2005, 9:59 AM

LoRd

Battle.net will restrict the login of an account after 4 failed login attempts. The restriction is based on IP and usually lasts about 15 minutes on a first offence (rumored to double each time the limit is reached). In addition to locking you out of the account, the restriction limits the number of failed logins you can get on other accounts to 1. Bruteforce or dictionary-based cracking attempts will most likely fail due to these restrictions.

December 19, 2005, 11:54 AM

LordNevar

[quote author=Lord[nK] link=topic=13575.msg138428#msg138428 date=1134993247]
Battle.net will restrict the login of an account after 4 failed login attempts. The restriction is based on IP and usually lasts about 15 minutes on a first offence (rumored to double each time the limit is reached). In addition to locking you out of the account, the restriction limits the number of failed logins you can get on other accounts to 1. Bruteforce or dictionary-based cracking attempts will most likely fail due to these restrictions.
[/quote]

This information is correct. There is no way to bypass this in any fashion as it is a server side check. This information is not stored locally.

December 19, 2005, 12:39 PM

laurion

[quote author=Lord[nK] link=topic=13575.msg138428#msg138428 date=1134993247]
Battle.net will restrict the login of an account after 4 failed login attempts. The restriction is based on IP and usually lasts about 15 minutes on a first offence (rumored to double each time the limit is reached). In addition to locking you out of the account, the restriction limits the number of failed logins you can get on other accounts to 1. Bruteforce or dictionary-based cracking attempts will most likely fail due to these restrictions.
[/quote]
Does this apply to CHAT and Binary connections, or just CHAT?

December 19, 2005, 8:05 PM

l2k-Shadow

[quote author=Tazo link=topic=13575.msg138486#msg138486 date=1135022746]
[quote author=Lord[nK] link=topic=13575.msg138428#msg138428 date=1134993247]
Battle.net will restrict the login of an account after 4 failed login attempts. The restriction is based on IP and usually lasts about 15 minutes on a first offence (rumored to double each time the limit is reached). In addition to locking you out of the account, the restriction limits the number of failed logins you can get on other accounts to 1. Bruteforce or dictionary-based cracking attempts will most likely fail due to these restrictions.
[/quote]
Does this apply to CHAT and Binary connections, or just CHAT?
[/quote]
Both.

December 19, 2005, 8:44 PM

Valhalla Legends Forums Archive | Battle.net Bot Development | Password lag restriction