Topic: Brute Force Attack Prevention
Could someone create a mod similar to VB and PhpBB plugins that allow only a certain number of tries for a user to login before temp banning for 20 mins?
2 2006-08-30 19:03 (edited by Smartys 2006-08-30 19:03)
Re: Brute Force Attack Prevention
Temp banning the user that is being brute forced or the IP doing the brute forcing? 
Re: Brute Force Attack Prevention
Note to self: brute force aeroguy's account so he can't log in.
Re: Brute Force Attack Prevention
guardian34 wrote:
Note to self: brute force aeroguy's account so he can't log in.
And why would you want to do this?
Re: Brute Force Attack Prevention
He was joking 
Re: Brute Force Attack Prevention
i was thinking the ip that was doing the brute force be temp banned, also this ip should be noted some where in the admin section as logs, depending on how many days the logs were set to purge, the admin could permanately ban the ip and to see if any username were comprised by the ip. I think this could be done by comparing the recent ip and date of the user account to see if it is same as the brute force ip. For the log I was thinking something along the lines.
IP - Date / Time Stamp - Attacking Username - Successful (yes - no) - Permanetly Ban this Ip ( yes - no)
All joking aside, i think this feature is vital to have. Also if not already implemented in 1.3, i think all admin files should be kept in a seperate folder, so that it can be further protected by .htaccess password.
Re: Brute Force Attack Prevention
The "admin section as logs" bit would have to be an adaptation if the Admin Logs mod is installed