<![CDATA[FrontAccounting forum — Weak Brute Force Protection?]]>2020-12-27T14:26:22ZPunBBhttps://frontaccounting.com/punbb/viewtopic.php?id=9126<![CDATA[Re: Weak Brute Force Protection?]]>I recommend fail2ban on the server side for bruteforce detection and rejection via iptables. It can detect repeated access of the login page and x accesses in n seconds will trigger the ban.]]>https://frontaccounting.com/punbb/profile.php?id=194472020-12-27T14:26:22Zhttps://frontaccounting.com/punbb/viewtopic.php?pid=38832#p38832<![CDATA[Re: Weak Brute Force Protection?]]>Check this topic, it might help https://frontaccounting.com/punbb/viewtopic.php?pid=19097#p19097
Check code at function preventHijacking()
Do not forget to share with us any findings. Thks.
]]>https://frontaccounting.com/punbb/profile.php?id=16402020-12-23T16:16:03Zhttps://frontaccounting.com/punbb/viewtopic.php?pid=38815#p38815<![CDATA[Weak Brute Force Protection?]]>When I did a test on Brute Force protection, I found that the protection consists of disabling the submit form button in HTML. Is that really all or is there a server-side protection? After all, nobody does the Brute Force attack manually through the browser.]]>https://frontaccounting.com/punbb/profile.php?id=458452020-12-23T06:14:10Zhttps://frontaccounting.com/punbb/viewtopic.php?pid=38811#p38811