<html><head></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; ">Hi<div><br></div><div>We've had a customer with the same problem last week, fortunately they only tried with the username "admin" so it's not really a well orchestrated attack.</div><div><br></div><div>It would be nice with something like this in the core, but as I remember there has efforts for this in the past which resulted in not getting implemented due to not being able to reach a solution that fits all. But maybe we could find a solution that would work for most, but be disabled by default. It's not very far from the build in notice after unsuccessful login attempts.</div><div><br></div><div>However we searched a little and found a extension that does exactly this: <a href="http://typo3.org/extensions/repository/view/aba_bruteforceblocker">http://typo3.org/extensions/repository/view/aba_bruteforceblocker</a></div><div>Haven't tried it out, but updated recently so it might solve your problem.</div><div><br></div><div>Also our recommendation to the customer was to add server side IP restriction of the backend, which if possible is a better solution.</div><div><br></div><div>Cheers</div><div>Aske</div><div><br><div><div>On 22/09/2013, at 14.18, Marcus Krause wrote:</div><br class="Apple-interchange-newline"><blockquote type="cite"><div>Hi Torben,<br><br><br>Am 22.09.2013, 07:27 Uhr, schrieb Torben Hansen <<a href="mailto:hansen@skyfillers.com">hansen@skyfillers.com</a>>:<br><br><blockquote type="cite">Hi all,<br></blockquote><blockquote type="cite"><br></blockquote><blockquote type="cite">brute force attacks to TYPO3 backends increased the last weeks, so I created a patch which internally blacklists the remote IP address for a given time, if there are too many authentication failures from a remote host.<br></blockquote><blockquote type="cite"><br></blockquote><blockquote type="cite"><a href="http://forge.typo3.org/issues/52170">http://forge.typo3.org/issues/52170</a><br></blockquote><blockquote type="cite"><br></blockquote><blockquote type="cite">The attached patch is not completely finished, but I would like to hear some feedback from the core developers, if this approach is something that could make it to the core of the next LTS.<br></blockquote><br>thank you for working on this topic. I'd like to have something like this in the Core. So please go on.<br>However I have oulined a few issues on the current patchset which IMHO should be taken care of.<br><br><br>Thanks again for your contribution,<br>cheers Marcus.<br><br><br>PS: Greetings from PHPunconference and Stefano, who is sitting next to me right now. ;-)<br><br>-- <br>Marcus Krause<br>TYPO3 Security Team<br><br>TYPO3 .... inspiring people to share!<br>Get involved: <a href="http://typo3.org">typo3.org</a><br>_______________________________________________<br>Before posting to this list, please have a look to the posting rules<br>on the following websites:<br><br><a href="http://typo3.org/teams/core/core-mailinglist-rules/">http://typo3.org/teams/core/core-mailinglist-rules/</a><br>http://typo3.org/development/bug-fixing/diff-and-patch/<br>_______________________________________________<br>TYPO3-team-core mailing list<br>TYPO3-team-core@lists.typo3.org<br>http://lists.typo3.org/cgi-bin/mailman/listinfo/typo3-team-core<br></div></blockquote></div><br></div></body></html>