logo

Introduction

Site Security

This plugin provides means to avert Brute-Force-Attacks on your Joomla-Installation. For this purpose, the plugin stores information on failed login attempts, so that when reaching a configurable number of such failed login attempts the attacker's IP address can be blocked. Furthermore, you can configure notifications about failed logins and blocked IP addresses, as well as a configurable (optionally even adaptive) delay for a failed login attempt.

  • Get this
  • Favourite
  • Report

The component included in the package will allow you to view the blocked IP addresses and manage them, manage whitelists of IP addresses which will never be blocked, viewing failed log attempts and testing the notification.

New in Version 1.3.0:
- Allow showing IP address in blocked message
- Show hint to use reset password functionality
- small fixes

For a full list of changes in each version see the Changelog at https://github.com/codeling/bfstop/blob/master/CHANGELOG

Contributors:
- pt-PT/pt-BR translations and various fixes by solrac (comproperty247(at)gmail.com)
- ca-ES translations by nouespai
- fr-FR translations by Flying_Lolo
- nl-NL translations and various fixes by Rob van Baal (info(at)fischertechnikclub.nl/http://www.fischertechnikclub.nl)
- es-ES translations by Aimagen (info(at)aimagen.com)
- ru-RU translations by Raven (ravencrow(at)mail.ru)
- it-IT translations and various fixes by Stefano Buscaglia (info(at)binarioetico.org/http://www.binarioetico.org)
- old nl-NL translations by Agrusoft


Functionality

Great

Ease of use

Great

Support

n/a, we did not need support

Documentation

Excellent

I used this to: Our scanOpenLevel customer support web site

Functionality

very good

Ease of use

very easy

Support

good

Documentation

very good

I used this to: block brute force

Fantastic


Posted on 04 June 2016
Functionality

Works as advertised. User notification is superb.

Ease of use

Install to fully configured and tested was 6 minutes. Couldn't as for better.

Support

Not necessary

Documentation
I used this to: Controlling front end-brute force attacks.

newbie


Posted on 14 May 2016
Functionality

10/10

Ease of use

9/10

Support

10/10

Documentation

I just want to ask how to execute this. I have no idea. I'm not a web developer. Thanks!

configure and publish the "System - Brute Force St

I used this to: Blocking login attempt.
Owner's reply: Typically the default settings are sufficient, you just need to make sure the plugin is enabled. Do this via Extensions -> Plugins, there search e.g. for "Brute Force", then toggle the "status" column until a green check mark is shown.

For more questions, please use the issue tracker over at https://github.com/codeling/bfstop/issues.

Functionality

Does what it is made for

Ease of use

Would be helpfull to have the password logged as well

Documentation

Not always obviopus what it really does

I used this to: To understand how many people try attack the backend
Owner's reply: Thanks for your favorable review!

Regarding storing the password, please see here: https://github.com/codeling/bfstop/wiki/FAQ#why-dont-i-see-the-password-from-the-attempted-login

As for the documentation: Do you have any suggestion how things could be made better understandable? One tends to get a bit blind to such things when working a long time with it, so I'd love to hear suggestions! The ideal place for them would be the issue tracker on github: https://github.com/codeling/bfstop/issues

Brute Force works


Posted on 17 October 2015
Functionality

Works as described - thank you

Ease of use

For a non-developer this plugin was easy to download and install, configure and use. Already a number of IP's blocked.

Support

None needed so far :)

Documentation

Not needed but it is available

I used this to: Picking up unwanted visitors to my administrator login

Functionality

This extension presumes that all brute force attacks come from a single IP address. That's just not typical of the attacks I see.

Ease of use

Not a problem to use.

Owner's reply: Hi and thanks for your review!
True, bfstop in its current form does not provide real protection against distributed attacks. I've also seen increased numbers of those, so there are some plans from my side to implement some countermeasures, see https://github.com/codeling/bfstop/issues/76 . If you have any further suggestions how this could be dealt with better, I would love to hear them!

Functionality

Attackers get 3 knocks at my administrative login, and then they have to wait 5 minutes. Foils automated brute force attacks.

Ease of use

Simply install, and set 2 config options.

I used this to: Stop automated brute force attacks so my server logs don't fill up and become huge.

Nice plugin


Posted on 27 June 2015
Functionality

Practical, everyone should use, BUT I would also like to see the password the user tried to use to login.

Ease of use

Weird the settings tab tests emails, weird the settings tab tests emails. If there are no settings it shouldn't have a title of settings

Owner's reply: Thanks for your review, and sorry for taking such a long time to get back to you on the points you mention.
As for seeing the password of the attempt, since I've also been asked this per mail already, I've asked an FAQ entry about it, see https://github.com/codeling/bfstop/wiki/FAQ#why-dont-i-see-the-password-from-the-attempted-login

Regarding the settings tab: The plan is to move all the settings there, see https://github.com/codeling/bfstop/issues/88 . Will be included in one of the next bfstop versions, probably 1.4!

Functionality

Great!!

Ease of use

As easy as counting 1-2-3..

Support
I used this to: I use this for all my sites...
Owner's reply: Thanks very much for taking the time to write a review!
One quick question regarding your support rating - did you have any problems that weren't solved? In case of bugs or questions please open an issue at https://github.com/codeling/bfstop/issues and I'll try my best to help!

Brute Force Stop

Version:
1.3.0
Developer:
Bernhard Froehler
Last updated:
Jun 04 2015
Date added:
Nov 19 2014
License:
GPLv2 or later
Type:
Free download
Uses updater:
Includes:
Compatibility:
Download DemoNot available Support Documentation
  • Overall
  • Functionality

  • Ease of use

  • Documentation

  • Support