[TYPO3-core] Brute force protection for TYPO3 backend
Jigal van Hemert
jigal.van.hemert at typo3.org
Sun Sep 22 11:55:22 CEST 2013
Hi,

On 22-9-2013 7:27, Torben Hansen wrote:
> brute force attacks to TYPO3 backends increased the last weeks, so I
> created a patch which internally blacklists the remote IP address for a
> given time, if there are too many authentication failures from a remote
> host.
>
> The attached patch is not completely finished, but I would like to hear
> some feedback from the core developers, if this approach is something
> that could make it to the core of the next LTS.

There are probably others who like to see other measures taken in their
network, such as disabling accounts after a number of attempts, etc.

To accommodate all possibilities it would IMO be a nice approach if
extensions (or the core) can supply a small service which checks if the
login attempt is allowed, etcetera.

Static classes are not used a lot in the core because they are
problematic for unit tests.

Furthermore, please put in the commit message what the feature/bugfix does
and not what the problem is; the bug tracker is for explaining the problem.

If you want to push a patch, but it needs more work, you can put [WIP]
(Work In Progress) at the beginning of the first line in the commit
message to indicate that you're still working on it.

--
Jigal van Hemert
TYPO3 CMS Active Contributor
TYPO3 .... inspiring people to share!
Get involved: typo3.org
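
An added illustration, not part of the message above and not code from the patch or from TYPO3: a sketch of the pluggable "is this login attempt allowed" check discussed in the thread, with an IP-based temporary block as one policy. All class, method and parameter names and the thresholds are assumptions; the policy is a plain object that receives the current time as an argument, so it can be unit-tested without static state.

```php
<?php
declare(strict_types=1);
// Added illustration (PHP 8+); every name here is hypothetical, not TYPO3 core API.
// State lives in plain arrays; a real service needs storage shared across requests.
interface LoginAttemptPolicy
{
    public function isAllowed(string $ip, string $username, int $now): bool;
    public function recordFailure(string $ip, string $username, int $now): void;
}

// Refuses a remote IP for $blockSeconds once it reaches $maxFailures within $windowSeconds.
final class IpThrottlePolicy implements LoginAttemptPolicy
{
    private array $failures = [];     // ip => recent failure timestamps
    private array $blockedUntil = []; // ip => unix time at which the block ends
    public function __construct(
        private int $maxFailures = 5,
        private int $windowSeconds = 300,
        private int $blockSeconds = 900
    ) {}
    public function isAllowed(string $ip, string $username, int $now): bool
    {
        return ($this->blockedUntil[$ip] ?? 0) <= $now;
    }
    public function recordFailure(string $ip, string $username, int $now): void
    {
        $cutoff = $now - $this->windowSeconds;
        $recent = array_filter($this->failures[$ip] ?? [], fn (int $t): bool => $t > $cutoff);
        $recent[] = $now;
        if (count($recent) >= $this->maxFailures) {
            $this->blockedUntil[$ip] = $now + $this->blockSeconds;
            $recent = []; // counting starts again after the block
        }
        $this->failures[$ip] = array_values($recent);
    }
}
// Every registered policy must agree; the first refusal ends the check.
function loginAttemptAllowed(array $policies, string $ip, string $username, int $now): bool
{
    foreach ($policies as $policy) {
        if (!$policy->isAllowed($ip, $username, $now)) { return false; }
    }
    return true;
}

// Constructed run: five failures in five seconds from a documentation-range address,
// then one check while the block is active and one at the second it ends.
$policy = new IpThrottlePolicy();
for ($t = 1000; $t < 1005; $t++) { $policy->recordFailure('192.0.2.10', 'admin', $t); }
var_dump(loginAttemptAllowed([$policy], '192.0.2.10', 'admin', 1005));
var_dump(loginAttemptAllowed([$policy], '192.0.2.10', 'admin', 1004 + 900));
```

An account-lockout policy keyed on `$username` instead of `$ip` would implement the same interface and be passed in the same `$policies` array.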