[TYPO3] Brute-forcing TYPO3 accounts

Giannis Economou gecon at di.uoa.gr
Fri Nov 9 20:33:30 CET 2007


Hi Tomas,

but why are you against solutions that are server specific (detection on 
web server, protection on firewall)? Do you want to stay flexible on the 
web server you use?

Giannis Economou


Tomas Mrozek wrote:
> Hi Christian and Giannis,
>
> Thanks for posting the links to already available tools. If nothing 
> else, these tools will surely provide at least some ideas on brute-force 
> protection.
>
> However, I wouldn't like to go for a server-specific solution, so I'm 
> thinking rather about the protection served by the TYPO3 core or an 
> extension.
>
> When thinking about possible methods of protection (not just detection, 
> that's not enough) one thing was repeatedly coming to my mind: all those 
> methods must work in such a manner that they won't cause a denial of 
> service to legitimate users, meaning that they would handle cases in which 
> an attacker has the same IP address as a legitimate user (= firing an 
> attack from the same network behind a proxy).
> All in all, it's not an easy task, I guess.
>
> Tomas Mrozek