Brute force protection
Hi, I am using v3.3. Wondering how we can stop people trying a lot of passwords to get into the admin panel. Thanks.
Vanilla rate limits logins by default. If the admin password is not weak, brute forcing it should be unfeasible.
My themes: pure | minusbaseline - My plugins: CSSedit | HTMLedit | InfiniteScroll | BirthdayModule | [all] - PM me about customizations
VanillaSkins.com - Plugins, Themes and Graphics for Vanillaforums OS
Thanks. I didn't see any settings in the Dashboard. That is why I asked.
Brute-force password attacks:
Vanilla uses a rate-limiting system that throttles password attempts to once per second for every username attempted or IP address origin. We explicitly do not employ a "lock out" system. Throttling to once per second ensures that no reasonably complex password can be brute-forced on any reasonable timescale. We are currently satisfied with our throttling strategy.
From: https://hackerone.com/vanilla?type=team
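The throttling described in the quoted policy, sketched as an added example (not Vanilla's code and not part of the original thread). It assumes the limit applies to both the username and the source IP, and that a rejected attempt does not restart the timer; the names `LoginThrottle` and `years_to_exhaust` are hypothetical.

```python
import time

class LoginThrottle:
    """One password attempt per `interval` seconds per username and per IP; no lockout."""

    def __init__(self, interval=1.0, clock=time.monotonic):
        self.interval = interval
        self.clock = clock      # injectable so the behaviour can be tested
        self._last = {}         # ("user"|"ip", value) -> time of last accepted attempt

    def check(self, username, ip):
        """Return 0.0 if the attempt may proceed, else the seconds left to wait."""
        now = self.clock()
        # Forget expired entries so attacker-chosen usernames cannot grow the table forever.
        self._last = {k: t for k, t in self._last.items() if now - t < self.interval}
        keys = [("user", username.lower()), ("ip", ip)]
        wait = max((self._last[k] + self.interval - now for k in keys if k in self._last),
                   default=0.0)
        if wait > 0:
            return wait         # throttled: caller must not verify the password
        for k in keys:          # only accepted attempts restart the timer (assumption),
            self._last[k] = now # so hammering never extends the delay into a lockout
        return 0.0

def years_to_exhaust(alphabet_size, length, attempts_per_second=1.0):
    """Worst-case years to try every password of exactly `length` characters."""
    return alphabet_size ** length / attempts_per_second / (365 * 24 * 3600)

if __name__ == "__main__":
    now = [0.0]
    throttle = LoginThrottle(clock=lambda: now[0])
    # Constructed attempts: (time, username, source IP from documentation ranges)
    for t, user, ip in [(0.0, "admin", "203.0.113.5"), (0.2, "admin", "198.51.100.7"),
                        (0.2, "bob", "203.0.113.5"), (1.0, "admin", "198.51.100.7")]:
        now[0] = t
        print(t, user, ip, "wait", throttle.check(user, ip))
    print("8 chars of [a-zA-Z0-9]:", round(years_to_exhaust(62, 8)), "years")
    print("6-digit numeric:", round(years_to_exhaust(10, 6) * 365, 1), "days")
```

The two estimates at the end show why the "not weak" condition matters: at one attempt per second an 8-character mixed-case alphanumeric space takes millions of years to exhaust, while a 6-digit numeric one takes under two weeks.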
Thanks. :)