[TYPO3] Brute-forcing TYPO3 accounts

Tomas Mrozek mail at cascaval.com
Fri Nov 9 16:05:11 CET 2007

One of the problems that I has recently been pondering about is how to 
prevent any attempts to brute-force TYPO3 accounts. As far as I know, 
TYPO3 doesn't have any internal mechanism of protection against such 

The only possibilities (I know of) are...
* setting IP address restriction (IPmaskList) - not always usable and 
not necessarily a solution
* sending a warning email to a defined mail account (pretty useless if 
an admin is eg. asleep)

Is there anyone who...
...has been thinking about the same?
...knows about any attempts to handle such a problem in TYPO3?
...knows about any methods of protection against such attacks in general?

Tomas Mrozek

More information about the TYPO3-english mailing list