When I try to log in on DokuWiki, I can brute-force login/password without any trace in apache2's logs, just code 200 OK, all right :))
Without a trace to detect login failure, it's more difficult to detect brute-force attacks.
After line 223 (if(!$silent) msg($lang['badlogin'], -1);) in the inc/auth.php file, add the following:
{ header('HTTP/1.0 404 Not Found'); }
After this, if you use OSSEC on your dokuwiki/apache2 server, OSSEC can detect multiple 400-code errors on Apache and so any brute force on your DokuWiki :))
Bye, folks!
Ivanov
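A defender-side illustration of the reporter's point, added here and not part of the issue or of DokuWiki's code: once a failed login returns a non-200 status (the merge commit further down uses 403), the plain Apache access log carries enough signal to spot a burst of failures from one client, which is what OSSEC-style rules key on. The log lines are constructed samples using documentation IP ranges; the doku.php?do=login path and the 403 code are assumptions about what the patched wiki writes to the log.

```python
import re
from collections import defaultdict
from datetime import datetime
# Apache combined log format; only the fields needed here are captured.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "\S+ (?P<path>\S+) \S+" (?P<status>\d{3}) '
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"

# Constructed sample lines (documentation IP ranges): one client hammering the login
# form, one user who mistypes once then succeeds; the last line is out of time order.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Mar/2017:10:00:01 +0000] "POST /doku.php?do=login HTTP/1.1" 403 512 "-" "curl/7.52"
203.0.113.7 - - [10/Mar/2017:10:00:02 +0000] "POST /doku.php?do=login HTTP/1.1" 403 512 "-" "curl/7.52"
203.0.113.7 - - [10/Mar/2017:10:00:03 +0000] "POST /doku.php?do=login HTTP/1.1" 403 512 "-" "curl/7.52"
203.0.113.7 - - [10/Mar/2017:10:00:04 +0000] "POST /doku.php?do=login HTTP/1.1" 403 512 "-" "curl/7.52"
198.51.100.2 - - [10/Mar/2017:10:00:06 +0000] "POST /doku.php?do=login HTTP/1.1" 403 512 "-" "Mozilla/5.0"
198.51.100.2 - - [10/Mar/2017:10:00:20 +0000] "POST /doku.php?do=login HTTP/1.1" 200 8123 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Mar/2017:10:00:05 +0000] "POST /doku.php?do=login HTTP/1.1" 403 512 "-" "curl/7.52"
"""

def parse(line):
    """Return (ip, timestamp, path, status) for a combined-format line, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return m["ip"], datetime.strptime(m["ts"], TS_FMT), m["path"], int(m["status"])

def failed_login_bursts(lines, threshold=5, window_s=60):
    """Map client IP -> most failed logins (403 on the login action) seen in any
    sliding window of window_s seconds, for IPs reaching threshold."""
    failures = defaultdict(list)
    for line in lines:
        rec = parse(line)
        if rec is None:
            continue                      # skip malformed or unrelated lines
        ip, ts, path, status = rec
        if status == 403 and "do=login" in path:
            failures[ip].append(ts)
    flagged = {}
    for ip, times in failures.items():
        times.sort()                      # tolerate out-of-order lines
        start = 0
        for end, t in enumerate(times):
            while (t - times[start]).total_seconds() > window_s:
                start += 1
            if end - start + 1 >= threshold:
                flagged[ip] = max(flagged.get(ip, 0), end - start + 1)
    return flagged
```

With the page's original behaviour (every attempt answered 200) the same log yields nothing to count, which is exactly the blind spot the issue describes.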
* master:
fix error in config manager caused by changes visibility
Continue if there are no attributes
avoid dependency tests being marked as risky
replaced some more each calls
remove deprecated each() call
test constructors need to call parent constructor
use dataprovider in password tests
removed deprecated blowfish class
replace some var keywords
translation update
PassHash.class.php: in case of bcrypt, use the most recent variant $2y$
translation update
Fix Typo in remote API (#1938)
translation update
translation update
translation update
use 403 response on bad logins. closes #1937