[TYPO3] Brute-forcing TYPO3 accounts

Giannis Economou gecon at di.uoa.gr
Fri Nov 9 20:33:30 CET 2007

Hi Tomas,

but why are you against solutions that are server specific (detection on 
web server, protection on firewall)? Do you want to stay flexible on the 
web server you use?

Giannis Economou

Tomas Mrozek wrote:
> Hi Christian and Giannis,
> Thanks for posting the links to already available tools. If nothing 
> else, these tools will surely provide at least some ideas on brute-force 
> protection.
> However, I wouldn't like to go for a server-specific solution, so I'm 
> thinking rather about the protection served by the TYPO3 core or an 
> extension.
> When thinking about possible methods of protection (not just detection, 
> that's not enough) one thing was repeatedly coming to my mind: all those 
> methods must work in such a manner that they won't cause a denial of 
> service to legitimate users, meaning that it would handle cases in which 
> an attacker has the same IP address as a legitimate user (= firing an 
> attack from the same network behind proxy).
> All in all, it's not an easy task, I guess.
> Tomas Mrozek
> _______________________________________________
> TYPO3-english mailing list
> TYPO3-english at lists.netfielders.de
> http://lists.netfielders.de/cgi-bin/mailman/listinfo/typo3-english

More information about the TYPO3-english mailing list