The component included in the package will allow you to view the blocked IP addresses and manage them, manage whitelists of IP addresses which will never be blocked, viewing failed log attempts and testing the notification.
New in Version 1.2.0:
- IP(v4) subnet support for whitelisting and blocks (when manually entered in CIDR suffix notatation)
- multiple notification recipients
- smaller fixes
For a full list of changes in each version see the Changelog at https://github.com/codeling/bfstop/blob/master/CHANGELOG
- pt-PT/pt-BR translations and various fixes by solrac (comproperty247(at)gmail.com)
- ca-ES translations by nouespai
- fr-FR translations by Flying_Lolo
- nl-NL translations and various fixes by Rob van Baal (info(at)fischertechnikclub.nl/http://www.fischertechnikclub.nl)
- es-ES translations by Aimagen (info(at)aimagen.com)
- ru-RU translations by Raven (ravencrow(at)mail.ru)
- it-IT translations and various fixes by Stefano Buscaglia (info(at)binarioetico.org/http://www.binarioetico.org)
- old nl-NL translations by Agrusoft
Thank you very much for your feedback! Suggestions for language changes are always welcome. Being a developer, it is hard for me to think as a sitebuilder and/or marketer. I would therefore be very glad to hear more about your suggestions! Please contact me via mail (firstname.lastname@example.org) or report an issue (https://github.com/codeling/bfstop/issues) if you're interested in contributing!
Thanks for your favourable review! A whitelist (for single IP addresses) is now available with version 1.1.0!
Thanks for this great plugin.
Also, somehow I ended up blocking myself from the frontend when I put in the settings frontend/backend. I did not have failed logins and am not sure how I got blocked. But regardless, I went into the database and deleted my ip entry and it is still blocking me.
Not sure what happened nor why it is not unblocking me.
Thanks for taking the time to write a review!
Regarding your problems with my extension, I would ask you to file a bug report at https://github.com/codeling/bfstop/issues, or to contact me at email@example.com so that we can discuss further steps to resolve these!
Furthermore I'm not sure I understand your comment about the removal of blocked IPs from the failed login section - the failed login list is supposed to be a log of all failed login attempts; one of its main purposes is to allow the administrator to see why an IP was blocked. If entries are removed from there once an IP is blocked, the administrator would have no opportunity to check these anymore! By the way there is a pending enhancement request to remove old entries (https://github.com/codeling/bfstop/issues/37). If this is not what you had in mind (and also for other enhancement you think necessary), please go ahead and file a feature request (as an issue, also at https://github.com/codeling/bfstop/issues)! I can't guarantee that they will be implemented, but such requests will definitely be considered for future versions!
Having said that, I can confirm the issue with Joomla 3.1.4 - uninstall it before upgrading Joomla. Hoping an update to BFStop isn't long in the pipeline. i will certainly installing it :-)
I like bfstop for my sites where I didn't want to change URL because re-training users wasn't worth the pain.
The ability to tune the notification frequency and when an IP is blocked is great.
I like that he warns you also if you have your super admin set to "admin" and the newer additions of the administration component to view which IPs are block and the usernames they tried.
For straight up brute force protection, this is best extension out there.
Works instantly in real time on 2.5 sites using the standard Joomla login, on Community Builder sites I'm using the CB Antispam plugin instead.
Put it on your must-have list, because it is a must have once you see what's happening on your website's login.
While my company sticks to pretty strong security policies such as never having an "admin" account and a daily password change ( yes, daily.. automated password changes ) .. I still don't like the idea of someone sending hundreds of POST requests per hour trying to break into one of our sites.
I had written a script to analyze the apache logs for x number of POST requests in an hour to ban them from the server ENTIRELY but while that's been successful.. it's had one or two false positives and it still doesn't prevent someone from getting in a hundred or so tries before the script catches them.
In comes this plugin! I love it because it's more specific, it doesn't just count POSTs per hour it counts failed login attempts in a row and allows you to temp ban them as well as get notified.. I have it set up to ban after only 4 attempts for a period of an hour which I think is fair.. I get notified so if I see abuse I can permanently ban them myself.
Great job! I'm glad I found it so I didn't have to write it myself =)