[TYPO3-english] brute force attacks on backend

Stephan Bernhard grac at gmx.ch
Thu Sep 12 14:28:20 CEST 2013


@ peter

On 12.09.2013 07:20, Peter Kühnlein wrote:

> but denying all and allowing only your own IPs for the backend would
> keep the attacker out, even if they changed the IPs. just make sure the
> rule matches the backend only.
>
> alternatively, the install tool has a section in [BE] called
> [IPmaskList], which might be of help.
>
> quote: "String: Lets you define a list of IP-numbers (with *-wildcards)
> that are the ONLY ones allowed access to ANY backend activity. On error
> an error header is sent and the script exits. Works like IP masking for
> users configurable through TSconfig. See syntax for that (or look up
> syntax for the function t3lib_div::cmpIP()) "

since there are quite a few BE-users in my installations, i don't know 
from which IPs they log in.

so this solution will unfortunately not work...

stephan


More information about the TYPO3-english mailing list