[TYPO3] Brute-forcing TYPO3 accounts

Tomas Mrozek mail at cascaval.com
Fri Nov 9 18:24:08 CET 2007


Hi Christian and Giannis,

Thanks for posting the links to already available tools. If nothing 
else, these tools will surely provide at least some ideas on brute-force 
protection.

However, I wouldn't like to go for a server-specific solution, so I'm 
thinking rather about the protection served by the TYPO3 core or an 
extension.

When thinking about possible methods of protection (not just detection, 
that's not enough), one thing was repeatedly coming to my mind: all those 
methods must work in such a manner that they won't cause a denial of 
service to legitimate users, meaning that they would handle cases in which 
an attacker has the same IP address as a legitimate user (= firing an 
attack from the same network behind a proxy).
All in all, it's not an easy task, I guess.

Tomas Mrozek

