Subscribe 12

Brute-force Protection of the login system

Login forms of online systems are very easy targets for brute force attacks - attacks designed to go through all possible values for a password to "guess" the correct one.

The method I am suggesting is one in which login attempts are queued.

Detailed description:

There are alternative solutions to this, but they aren't always very effective and some are implemented badly. By queuing login attempts, only one attempt is processed at a time, therefore makes brute forcing very hard.

This single file can be installed by placing it in the addons/ directory of FluxBB 1.5.8 or above. No additional configuration is required and the database table is created automatically on the first login attempt.

For more information on how it works, please refer to the link to the discussion thread below.

Recent version

  • Supports FluxBB: 1.5.8