Admin / User Login: avoid brute-force login attempts #406

Closed
YaWK opened this issue Apr 1, 2023 · 3 comments

YaWK (Owner) commented Apr 1, 2023

Add methods to block users by IP, send an admin email if a possible brute-force attack was detected, set a timer to block logins for x minutes, probably add a captcha after some failed logins.

YaWK added the Improvement (Improvement in any kind of way) and SECURITY (Any issues corresponding to security holes) labels Apr 1, 2023
YaWK self-assigned this Apr 1, 2023
YaWK added 3 commits that referenced this issue Apr 1, 2023

YaWK (Owner, Author) commented Apr 1, 2023

If someone tries to log in to the backend repeatedly with wrong credentials, the user will get banned for 60 minutes (the login box will just not show up). Also, a login attempt without a username is not possible anymore. Done for now.
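
A minimal sketch of the lockout behaviour described in the comment above, added here as an illustration; it is not part of the original comment and not the project's own code. The 60-minute ban comes from the issue, while `MAX_FAILURES`, `FAILURE_WINDOW`, the class and method names, and the in-memory storage are assumptions made for the example.

```python
import time

BAN_SECONDS = 60 * 60      # from the issue: banned for 60 minutes
MAX_FAILURES = 5           # assumption: the issue only says "repeatedly"
FAILURE_WINDOW = 15 * 60   # assumption: older failures are forgotten


class LoginThrottle:
    """Per-IP failed-login tracking, in memory (hypothetical helper)."""

    def __init__(self, clock=time.monotonic, notify_admin=None):
        self.clock = clock                    # injectable for testing
        self.notify_admin = notify_admin or (lambda ip, count: None)
        self.failures = {}                    # ip -> failure timestamps
        self.banned_until = {}                # ip -> ban expiry time

    def is_banned(self, ip):
        expiry = self.banned_until.get(ip)
        if expiry is None:
            return False
        if self.clock() >= expiry:
            # Ban elapsed: drop it and start counting from zero again.
            del self.banned_until[ip]
            self.failures.pop(ip, None)
            return False
        return True

    def show_login_form(self, ip):
        # While banned, the login box is simply not rendered.
        return not self.is_banned(ip)

    def attempt(self, ip, username, password, check_credentials):
        if self.is_banned(ip):
            return "banned"      # credentials are never evaluated
        if not username or not username.strip():
            return "rejected"    # no login attempt without a username
        if check_credentials(username, password):
            self.failures.pop(ip, None)
            return "ok"
        now = self.clock()
        recent = [t for t in self.failures.get(ip, [])
                  if now - t < FAILURE_WINDOW]
        recent.append(now)
        self.failures[ip] = recent
        if len(recent) >= MAX_FAILURES:
            self.banned_until[ip] = now + BAN_SECONDS
            self.notify_admin(ip, len(recent))   # e.g. send the admin email
        return "failed"
```

Keying only on the client IP also locks out other users behind the same NAT or proxy, and a real deployment would keep the counters in shared storage rather than process memory.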

YaWK closed this as completed Apr 1, 2023
YaWK added this to the Remove Bugs milestone Apr 2, 2023

YaWK (Owner, Author) commented Apr 2, 2023

Included in build 23.4.1.

YaWK (Owner, Author) commented Apr 24, 2023

Build 23.4.12: added a simple captcha to the admin reset password form to avoid bot spam.
