[TYPO3] Brute-forcing TYPO3 accounts
Christian Trabold
christian.trabold at dkd.de
Fri Nov 9 16:28:13 CET 2007
Hi Tomas,
> One of the problems that I has recently been pondering about is how to
> prevent any attempts to brute-force TYPO3 accounts. As far as I know,
> TYPO3 doesn't have any internal mechanism of protection against such
> attacks.
...
> Is there anyone who...
> ...has been thinking about the same?
Yes!
I was also pondering about such security issues some weeks ago... You
may want to read the thread in the Core-List:
news://lists.netfielders.de:119/mailman.1.1193347673.20612.typo3-dev@lists.netfielders.de
> ...knows about any attempts to handle such a problem in TYPO3?
Just as an idea: maybe it would make sense to integrate a tool like
fail2ban [1] with an AuthService.
> ...knows about any methods of protection against such attacks in general?
I think Fail2ban does this pretty well.
Greetings
Christian
[1] http://www.fail2ban.org/wiki/index.php/Main_Page
More information about the TYPO3-english
mailing list