[TYPO3] Brute-forcing TYPO3 accounts
Tomas Mrozek
mail at cascaval.com
Fri Nov 9 18:24:08 CET 2007
Hi Christian and Giannis,

Thanks for posting the links to already available tools. If nothing
else, these tools will surely provide at least some ideas on brute-force
protection.

However, I wouldn't like to go for a server-specific solution, so I'm
thinking rather about the protection served by the TYPO3 core or an
extension.

When thinking about possible methods of protection (not just detection,
that's not enough) one thing was repeatedly coming to my mind: all those
methods must work in such a manner that they won't cause a denial of
service to legitimate users, meaning that they would handle cases in which
an attacker has the same IP address as a legitimate user (= firing an
attack from the same network behind a proxy).

All in all, it's not an easy task, I guess.

Tomas Mrozek