Ticket #113 (closed defect: fixed)

Opened 3 years ago

Last modified 3 years ago

Login attempts aren't grouped

Reported by: hannes Assigned to: hannes
Priority: normal Milestone: 5.1.1
Component: General Version: 5.1
Severity: critical Keywords:
Cc: Pending: 0

Description

includes/config/logins.php contains just a virtually unlimited number of virtually identical lines

Change History

2009-04-25 11:07:25 changed by hannes

  • status changed from new to assigned.

2009-04-25 11:16:27 changed by hannes

The grouping works, but there is no file locking, because that would increase execution time too much. That is why login attempts which arrive at the virtually identical time aren't grouped. Unfortunately, that is common practice of brute force bots which is exactly what should be prevented by this method.

Possible alternative: Store in a database table?

2009-05-10 16:04:52 changed by hannes

  • status changed from assigned to closed.
  • resolution set to fixed.

fixed in changeset [262]