Brute Force Stop


Version
0.9.10 (last update on May 14, 2013)
Reviews
6
License
GPLv2 or later
Non-Commercial
Type
Date Added
18 January 2013
In some parts, this plugin was inspired by the following plugins: Login Failed Log, Redirect Failed Logins and Ban IP Address/Range.
A big thank you to the authors of these plugins, your work is much appreciated!
New in version 0.9.10:
- You can now list all blocked IP addresses in the backend (and unblock them from there). You can also enable an option to notify users if somebody tried to log in with their username, and give them a link to unblock their IP themselves in case it was them.
- Translations for pt-PT and pt-BR (thanks to solrac - comproperty247(at)gmail.com).
See also the Changelog (https://github.com/codeling/bfstop/blob/master/CHANGELOG)
Great extension! It is easy to install and easy to use. With auto IP block I do not need to add custom htaccess lines anymore. Personal thanks to developers!
I sought this out because I run a server that hosts a couple hundred websites with Joomla in place. After analyzing my Apache logs I noticed that brute force attempts were very common.
While my company sticks to pretty strong security policies such as never having an "admin" account and a daily password change ( yes, daily.. automated password changes ) .. I still don't like the idea of someone sending hundreds of POST requests per hour trying to break into one of our sites.
I had written a script to analyze the Apache logs for x number of POST requests in an hour to ban them from the server ENTIRELY but while that's been successful.. it's had one or two false positives and it still doesn't prevent someone from getting in a hundred or so tries before the script catches them.
In comes this plugin! I love it because it's more specific, it doesn't just count POSTs per hour it counts failed login attempts in a row and allows you to temp ban them as well as get notified.. I have it set up to ban after only 4 attempts for a period of an hour which I think is fair.. I get notified so if I see abuse I can permanently ban them myself.
Great job! I'm glad I found it so I didn't have to write it myself =)

