Brute force protection
Hi, I am using v3.3. Wondering how we can stop people trying a lot of passwords to get into the admin panel. Thanks.
0
Hi, I am using v3.3. Wondering how we can stop people trying a lot of passwords to get into the admin panel. Thanks.
Comments
Vanilla rate limits logins by default. If the admin password is not weak, brute forcing it should be unfeasible.
My themes: pure | minusbaseline - My plugins: CSSedit | HTMLedit | InfiniteScroll | BirthdayModule | [all] - PM me about customizations
VanillaSkins.com - Plugins, Themes and Graphics for Vanillaforums OS
Thanks. I didn't see any settings in the Dashboard. That is why I asked.
Brute-force password attacks:
Vanilla uses a rate-limiting system that throttles password attempts to once per second for every username attempted or IP address origin. We explicitly do not employ a "lock out" system. Throttling to once per second ensures that no reasonably complex password can be brute-forced on any reasonable timescale. We are currently satisfied with our throttling strategy.
From: https://hackerone.com/vanilla?type=team
My themes: pure | minusbaseline - My plugins: CSSedit | HTMLedit | InfiniteScroll | BirthdayModule | [all] - PM me about customizations
VanillaSkins.com - Plugins, Themes and Graphics for Vanillaforums OS
Thanks. :)