New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Tambahkan anti brute-force di login #547

Closed
telo99 opened this Issue Aug 12, 2017 · 3 comments

Comments

2 participants
@telo99

telo99 commented Aug 12, 2017

Ada kemungkinan penyerang akan menggunakan metode brute force untuk mencoba masuk ke site manager.
Alangkah baiknya jika kesalahan login dibatasi hanya 10 misalnya (atau bisa juga dibuat agar pengguna bisa mengatur sendiri jumlahnya). Jika 10x gagal, blokir IP-nya selama 1 hari.

#SekedarIde #NggakTerlaluPenting :)

@eddieridwan eddieridwan added this to DIRENCANAKAN in Rilis yang sedang dikerjakan Aug 13, 2017

@eddieridwan eddieridwan changed the title from Request: Anti bruteforce to Tambahkan anti brute-force di login Aug 13, 2017

@eddieridwan

This comment has been minimized.

Collaborator

eddieridwan commented Aug 13, 2017

Mungkin bisa diatasi dengan usul penambahan capcha di login, di issue #489.

@eddieridwan eddieridwan removed this from DIRENCANAKAN in Rilis yang sedang dikerjakan Aug 31, 2017

@eddieridwan eddieridwan added this to DIPRIORITASKAN in Rilis yang sedang dikerjakan Nov 7, 2017

@eddieridwan

This comment has been minimized.

Collaborator

eddieridwan commented Nov 14, 2017

Setelah konsultasi dengan pengguna di https://www.facebook.com/groups/OpenSID/, pengguna lebih memilih cara menutup login sementara daripada menggunakan captcha.

@eddieridwan eddieridwan self-assigned this Nov 14, 2017

@eddieridwan eddieridwan moved this from DIPRIORITASKAN to SEDANG DIKERJAKAN in Rilis yang sedang dikerjakan Nov 14, 2017

eddieridwan pushed a commit that referenced this issue Nov 14, 2017

Eddie Ridwan
#547: Untuk mencegah percobaan login oleh orang atau secara otomatis,…
… matikan form login siteman selama 5 menit setelah 3 kali gagal. [security-fix]
@eddieridwan

This comment has been minimized.

Collaborator

eddieridwan commented Nov 14, 2017

Sudah dicommit ke master.

@eddieridwan eddieridwan moved this from SEDANG DIKERJAKAN to SUDAH DI MASTER in Rilis yang sedang dikerjakan Nov 14, 2017

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment