[TYPO3-english] Preventing brute-force attacks in FE login form

Markus Klein klein.t3 at mfc-linz.at
Tue Jan 24 11:46:05 CET 2012


Or even better, add this features to the sysext felogin.

Kind regards
Markus


> -----Original Message-----
> From: typo3-english-bounces at lists.typo3.org [mailto:typo3-english-bounces at lists.typo3.org] On Behalf Of Mauro Lorenzutti
> Sent: Tuesday, January 24, 2012 8:56 AM
> To: typo3-english at lists.typo3.org
> Subject: Re: [TYPO3-english] Preventing brute-force attacks in FE login form
> 
> Hi Claudio,
> 
> Il 23/01/2012 16:41, Claudio Strizzolo ha scritto:
> > Hi all,
> > I am currently using Typo3 4.5.
> >
> > Does someone have any hints about preventing brute-force attacks using
> > Typo3 FE login form (felogin system extension)?
> >
> > For instance: if a user supplies a wrong password several times in a
> > certain time interval (let's say: 10 times in 2 minutes), don't let
> > him/her trying again using the same username in the next 15 minutes.
> > Basically I'd like to avoid brute-force attacks by automated tools.
> 
> we had the same problem in the past and we modified the newloginbox to disable the user after he provides a wrong password for 3
> times. I think you have to modify the fe_login by your own, maybe you can use some hooks and create a different extension (it would
> be great if you can release such new extension ;-))
> 
> Not an answer to your question, I know: just my experience...
> 
> Regards,
> --
>   Mauro Lorenzutti
> 
> *** TYPO3 Certified Integrator ***
> e-mail:  mauro.lorenzutti at webformat.com
> ---------------------------------------------------------
> WEBFORMAT srl | Corte Europa, 12 | I-33097 SPILIMBERGO PN
>       Tel +39-0427-926.389  --  Fax +39-0427-927.653
>         info at webformat.com  --  http://www.webformat.com
> ---------------------------------------------------------
> _______________________________________________
> TYPO3-english mailing list
> TYPO3-english at lists.typo3.org
> http://lists.typo3.org/cgi-bin/mailman/listinfo/typo3-english



More information about the TYPO3-english mailing list