Brute: check if the brute keys are correct #7766

Closed
kirrg001 opened this issue Dec 5, 2016 · 1 comment · Fixed by #7867
Labels
affects:api Affects the Ghost API server / core Issues relating to the server or core of Ghost

Comments

Contributor

kirrg001 commented Dec 5, 2016

It could be that the brute keys for globalReset are not correct.
It would be great to check it 👍
Only affects Ghost alpha/master.

@kirrg001 kirrg001 added affects:api Affects the Ghost API server / core Issues relating to the server or core of Ghost labels Dec 5, 2016
Contributor

vivekannan commented Dec 6, 2016

https://github.com/TryGhost/Ghost/blob/master/core/server/middleware/api/spam-prevention.js#L77

Not sure if I am making much sense, but shouldn't this,

}, _.pick(spamGlobalBlock, spamConfigKeys))

be this,

}, _.pick(spamGlobalReset, spamConfigKeys))

Holler if you want a pull request.

EDIT: Also, why are we picking keys from the objects instead of passing the objects directly? Is it because they are internally modified and we want the unmodified objects as well?
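The mix-up discussed in the comment above, with a regression check that would flag it, as an added example that is not part of the original thread or of Ghost's code. The key names in `spamConfigKeys`, the config values, the `pick` stand-in for `_.pick` and both helper functions are assumptions made for illustration.

```javascript
// Added illustration. Only spamGlobalBlock, spamGlobalReset and spamConfigKeys
// are names from the thread; key names, values and helpers are constructed.
const spamConfigKeys = ['freeRetries', 'minWait', 'maxWait', 'lifetime'];

// Constructed sample config: the two limiters intentionally differ in freeRetries.
const spamGlobalBlock = { freeRetries: 99, minWait: 3600000, maxWait: 3600000, lifetime: 3600, extra: 'x' };
const spamGlobalReset = { freeRetries: 4, minWait: 3600000, maxWait: 3600000, lifetime: 3600, extra: 'x' };

// Minimal stand-in for lodash's _.pick: a new object holding only the listed keys,
// so later changes to the returned object do not touch the config section.
function pick(obj, keys) {
  const out = {};
  for (const k of keys) {
    if (Object.prototype.hasOwnProperty.call(obj, k)) out[k] = obj[k];
  }
  return out;
}

// Build the options for each limiter. buggy=true reproduces the mix-up:
// the globalReset limiter is fed the globalBlock section.
function buildLimiterOptions(buggy) {
  return {
    globalBlock: pick(spamGlobalBlock, spamConfigKeys),
    globalReset: pick(buggy ? spamGlobalBlock : spamGlobalReset, spamConfigKeys)
  };
}

// Regression check: each limiter's options must match the pick of its own
// section. It can only see a mix-up when the two sections differ in some key.
function findMismatchedLimiters(options, sections) {
  const bad = [];
  for (const name of Object.keys(sections)) {
    const expected = pick(sections[name], spamConfigKeys);
    const same = spamConfigKeys.every((k) => options[name][k] === expected[k]);
    if (!same) bad.push(name);
  }
  return bad;
}

const sections = { globalBlock: spamGlobalBlock, globalReset: spamGlobalReset };
console.log(findMismatchedLimiters(buildLimiterOptions(true), sections));
console.log(findMismatchedLimiters(buildLimiterOptions(false), sections));
```

With a mix-up like this, the reset limiter silently enforces the other limiter's thresholds, so a test of this shape belongs next to the spam-prevention config.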

@kirrg001 kirrg001 self-assigned this Jan 18, 2017
kirrg001 added a commit to kirrg001/Ghost that referenced this issue Jan 23, 2017
closes TryGhost#7766, refs TryGhost#7579

- ensure we are using the correct brute keys
- ensure we are using req.ip as Ghost is configured with trust proxy option
- tidy up a little
kirrg001 added a commit that referenced this issue Jan 23, 2017
closes #7766, refs #7579

- ensure we are using the correct brute keys
- ensure we are using req.ip as Ghost is configured with trust proxy option
- tidy up a little