[TYPO3-english] Preventing brute-force attacks in FE login form
Mauro Lorenzutti
mauro.lorenzutti at webformat.com
Tue Jan 24 08:55:53 CET 2012
Hi Claudio,
On 23/01/2012 16:41, Claudio Strizzolo wrote:
> Hi all,
> I am currently using Typo3 4.5.
>
> Does someone have any hints about preventing brute-force attacks using
> Typo3 FE login form (felogin system extension)?
>
> For instance: if a user supplies a wrong password several times in a
> certain time interval (let's say: 10 times in 2 minutes), don't let
> him/her try again using the same username in the next 15 minutes.
> Basically I'd like to avoid brute-force attacks by automated tools.
We had the same problem in the past and we modified the newloginbox to
disable the user after he provides a wrong password 3 times. I think
you have to modify the fe_login on your own; maybe you can use some
hooks and create a different extension (it would be great if you could
release such a new extension ;-))
Not an answer to your question, I know: just my experience...
Regards,
--
Mauro Lorenzutti
*** TYPO3 Certified Integrator ***
e-mail: mauro.lorenzutti at webformat.com
---------------------------------------------------------
WEBFORMAT srl | Corte Europa, 12 | I-33097 SPILIMBERGO PN
Tel +39-0427-926.389 -- Fax +39-0427-927.653
info at webformat.com -- http://www.webformat.com
---------------------------------------------------------
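
The policy asked about in the quoted question (10 wrong passwords in 2 minutes, then a 15-minute block on that username), as an added example that is not part of the original message and is not TYPO3 or felogin code. `LoginThrottle` and its method names are hypothetical, and state is held in memory here on the assumption that a real site would keep it in a database table or cache.

```php
<?php
// Added example (PHP 8+). LoginThrottle is a hypothetical name, not TYPO3/felogin API.
final class LoginThrottle
{
    private array $failures = [];    // normalized username => failure timestamps
    private array $lockedUntil = []; // normalized username => lock expiry (unix time)

    public function __construct(
        private int $maxFailures = 10, // "10 times"
        private int $window = 120,     // "in 2 minutes"
        private int $lockout = 900     // "the next 15 minutes"
    ) {}

    private function key(string $username): string
    {
        // Normalize so "Alice" and "alice " share one counter.
        return strtolower(trim($username));
    }

    public function isLocked(string $username, int $now): bool
    {
        return ($this->lockedUntil[$this->key($username)] ?? 0) > $now;
    }

    public function recordFailure(string $username, int $now): void
    {
        $k = $this->key($username);
        $cutoff = $now - $this->window;
        // Keep only failures still inside the window, then add this one.
        $recent = array_filter($this->failures[$k] ?? [], fn(int $t): bool => $t > $cutoff);
        $recent[] = $now;
        $this->failures[$k] = array_values($recent);
        if (count($recent) >= $this->maxFailures) {
            $this->lockedUntil[$k] = $now + $this->lockout;
            $this->failures[$k] = [];
        }
    }

    public function recordSuccess(string $username): void
    {
        unset($this->failures[$this->key($username)]);
    }
}

// Constructed run: 10 wrong passwords for one username, one every 5 seconds.
$throttle = new LoginThrottle();
$start = 1327391753; // constructed timestamp
for ($i = 0; $i < 10; $i++) { $throttle->recordFailure('claudio', $start + 5 * $i); }
var_dump($throttle->isLocked('Claudio', $start + 60));       // queried during the lockout
var_dump($throttle->isLocked('claudio', $start + 45 + 900)); // queried at lock expiry
```

Call `isLocked()` before verifying the password and return the same generic failure message whether the account is locked or the password is wrong, so a locked account also rejects the correct password. Because the counter is keyed by username, anyone who knows a username can keep that account locked, which is worth weighing against a per-IP limit or a shorter lockout.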