[TYPO3] Brute-forcing TYPO3 accounts
Giannis Economou
gecon at di.uoa.gr
Fri Nov 9 17:16:47 CET 2007
Hello,
something that can also help (not in TYPO3 but in server layer) is this
mod_evasive (http://www.zdziarski.com/projects/mod_evasive/), which can
auto black-list certain users performing brute-force attacks. This is
for apache.
Best regards,
Giannis Economou
Tomas Mrozek wrote:
> One of the problems that I has recently been pondering about is how to
> prevent any attempts to brute-force TYPO3 accounts. As far as I know,
> TYPO3 doesn't have any internal mechanism of protection against such
> attacks.
>
> The only possibilities (I know of) are...
> * setting IP address restriction (IPmaskList) - not always usable and
> not necessarily a solution
> * sending a warning email to a defined mail account (pretty useless if
> an admin is eg. asleep)
>
> Is there anyone who...
> ...has been thinking about the same?
> ...knows about any attempts to handle such a problem in TYPO3?
> ...knows about any methods of protection against such attacks in general?
>
> Tomas Mrozek
> _______________________________________________
> TYPO3-english mailing list
> TYPO3-english at lists.netfielders.de
> http://lists.netfielders.de/cgi-bin/mailman/listinfo/typo3-english
>
>
More information about the TYPO3-english
mailing list