<![CDATA[FrontAccounting forum — Weak Brute Force Protection?]]> https://frontaccounting.com/punbb/viewtopic.php?id=9126 Sun, 27 Dec 2020 14:26:22 +0000 PunBB <![CDATA[Re: Weak Brute Force Protection?]]> https://frontaccounting.com/punbb/viewtopic.php?pid=38832#p38832 I recommend fail2ban on the server side for bruteforce detection and rejection via iptables. It can detect repeated access of the login page and x accesses in n seconds will trigger the ban.

]]> Sun, 27 Dec 2020 14:26:22 +0000 https://frontaccounting.com/punbb/viewtopic.php?pid=38832#p38832 <![CDATA[Re: Weak Brute Force Protection?]]> https://frontaccounting.com/punbb/viewtopic.php?pid=38815#p38815 Check this topic, it might help  https://frontaccounting.com/punbb/viewtopic.php?pid=19097#p19097

Check code at function preventHijacking()

Do not forget to share with us any findings. Thks.

]]> Wed, 23 Dec 2020 16:16:03 +0000 https://frontaccounting.com/punbb/viewtopic.php?pid=38815#p38815 <![CDATA[Weak Brute Force Protection?]]> https://frontaccounting.com/punbb/viewtopic.php?pid=38811#p38811 When I did a test on Brute Force protection, I found that the protection consists of disabling the submit form button in HTML. Is that really all or is there a server-side protection? After all, nobody does the Brute Force attack manually through the browser.

]]> Wed, 23 Dec 2020 06:14:10 +0000 https://frontaccounting.com/punbb/viewtopic.php?pid=38811#p38811