Weak Brute Force Protection?

Muhammed Ali Kösen · 12/23/2020 06:14:10 am

Muhammed Ali Kösen
New member
Offline

From: Turkey, Tonya
Registered: 12/23/2020
Posts: 1

Topic: Weak Brute Force Protection?

When I did a test on Brute Force protection, I found that the protection consists of disabling the submit form button in HTML. Is that really all or is there a server-side protection? After all, nobody does the Brute Force attack manually through the browser.

albertolima · 12/23/2020 04:16:03 pm

albertolima
Senior Member
Offline

From: Equatorial Guinea, France, USA
Registered: 08/21/2010
Posts: 55

Re: Weak Brute Force Protection?

Check this topic, it might help https://frontaccounting.com/punbb/viewtopic.php?pid=19097#p19097

Check code at function preventHijacking()

Do not forget to share with us any findings. Thks.

cambell · 12/27/2020 02:26:22 pm

cambell
Senior Member
Offline

From: New Zealand, Wellington
Registered: 06/19/2014
Posts: 128

Re: Weak Brute Force Protection?

I recommend fail2ban on the server side for bruteforce detection and rejection via iptables. It can detect repeated access of the login page and x accesses in n seconds will trigger the ban.

Cambell https://github.com/cambell-prince

Weak Brute Force Protection?

Posts: 3

1 Topic by Muhammed Ali Kösen 12/23/2020 06:14:10 am

Topic: Weak Brute Force Protection?

2 Reply by albertolima 12/23/2020 04:16:03 pm (edited by albertolima 12/23/2020 04:17:00 pm)

Re: Weak Brute Force Protection?

3 Reply by cambell 12/27/2020 02:26:22 pm

Re: Weak Brute Force Protection?

Posts: 3