Hi,
I receive many bruteforce attacks from different IPs for the same username, where each trial starts the next minute, which is kinda expected, as my period for username brute is 60 secs.

I have the following auth config in my config-internal.php:
Code:
'authUsernameFailedAttemptsLimitEnabled' => true,
'authMaxUsernameFailedAttemptNumber' => 3,
'authUsernameFailedAttemptsPeriod' => '60 seconds',
'authUsernameFailedAttemptsDelay' => 5
I don't want to decrease the number of failed attempts, so as not to make things harder for the legitimate user, and I don't want to decrease the period either, as this will not really help against bruteforce kiddies but will make life significantly harder for legit users, who could be distracted and who sometimes make mistakes.
Is there any way to block auth attempts for a username indefinitely after 10 consecutive TOTAL failed attempts? This pattern is highly unlikely with legit users, and even if it happens, they can always reach me to unlock the user.
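
The policy asked about above, as an added example that is not EspoCRM code and not part of the original post: a simplified Python model of a per-username limit using the post's values (3 failures per 60 seconds) beside the proposed lock after 10 consecutive failures. The class, its methods and the sample traffic are constructed for illustration, and the 5 second delay setting is not modelled.

```python
from collections import defaultdict, deque

WINDOW_LIMIT = 3      # authMaxUsernameFailedAttemptNumber in the post
WINDOW_SECONDS = 60   # authUsernameFailedAttemptsPeriod in the post
LOCK_AFTER = 10       # consecutive failures proposed in the post

class UsernameGuard:
    """Hypothetical model, not EspoCRM's implementation."""

    def __init__(self, lock_after=None):
        self.lock_after = lock_after          # None = windowed limit only
        self.recent = defaultdict(deque)      # user -> failure times in window
        self.streak = defaultdict(int)        # user -> consecutive failures
        self.locked = set()

    def attempt(self, user, ts, password_ok):
        if user in self.locked:
            return "locked"                   # stays locked until unlock()
        window = self.recent[user]
        while window and ts - window[0] >= WINDOW_SECONDS:
            window.popleft()                  # forget failures older than the period
        if len(window) >= WINDOW_LIMIT:
            return "throttled"                # rejected without checking the password
        if password_ok:
            self.streak[user] = 0             # a success ends the streak
            window.clear()
            return "ok"
        window.append(ts)
        self.streak[user] += 1
        if self.lock_after and self.streak[user] >= self.lock_after:
            self.locked.add(user)
        return "failed"

    def unlock(self, user):
        """Administrator action: clear the lock and the counters."""
        self.locked.discard(user)
        self.streak[user] = 0
        self.recent[user].clear()

def guesses_evaluated(guard, user, minutes, per_minute=4):
    """Constructed traffic: per_minute wrong guesses at the start of each minute."""
    results = [guard.attempt(user, m * 60 + i, False)
               for m in range(minutes) for i in range(per_minute)]
    return results.count("failed")

if __name__ == "__main__":
    print("window only:", guesses_evaluated(UsernameGuard(), "alice", 10))
    print("with lock:  ", guesses_evaluated(UsernameGuard(LOCK_AFTER), "alice", 10))
```

In this model anyone who knows a username can trigger the lock with ten wrong guesses, so the unlock path has to be reachable by the affected user.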
