Security update - brute force protection #10
edmozley
announced in
Announcements
Replies: 0 comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Uh oh!
There was an error while loading. Please reload this page.
-
Had fun building an IP ban feature to mitigate brute force attacks. 5 attempts with either non-existent or locked account gets you banned for 24 hours. Next day you get just 4 chances, then 3 and so on.
Certain username guesses e.g. root, superuser etc will result in insta-ban!
If you guess usernames from different IPs, this will also be picked up and the IP addresses banned for 24 hours.
Beta Was this translation helpful? Give feedback.
All reactions