[TYPO3-english] brute force attacks on backend
Stephan Bernhard
grac at gmx.ch
Thu Sep 12 14:28:20 CEST 2013
@ peter
On 12.09.2013 07:20, Peter Kühnlein wrote:
> but denying all and allowing only your own IPs for the backend would
> keep the attacker out, even if they changed the IPs. just make sure the
> rule matches the backend only.
>
> alternatively, the install tool has a section in [BE] called
> [IPmaskList], which might be of help.
>
> quote: "String: Lets you define a list of IP-numbers (with *-wildcards)
> that are the ONLY ones allowed access to ANY backend activity. On error
> an error header is sent and the script exits. Works like IP masking for
> users configurable through TSconfig. See syntax for that (or look up
> syntax for the function t3lib_div::cmpIP()) "
since there are quite a few BE-users in my installations, i don't know
from which IPs they log in.
so this solution will unfortunately not work...
stephan
More information about the TYPO3-english
mailing list