Temporarily blocked for logins (Change time limit?) (General)

by Magma, Friday, September 16, 2016, 13:07 (2750 days ago)

When you fail to login after the third attempt you get blocked for I think 5-10 minutes. Is there a way for admin to increase this time limit?

Avatar

Temporarily blocked for logins (Change time limit?)

by Auge ⌂, Tuesday, September 20, 2016, 15:05 (2746 days ago) @ Magma

Hello

When you fail to login after the third attempt you get blocked for I think 5-10 minutes. Is there a way for admin to increase this time limit?

In the advanced settings page you can switch on and off this function with the setting temp_block_ip_after_repeated_failed_logins. On the other hand, there is no possibility to set the period. But you can set it in the code. There is only one place, where an IP is not saved in or read from the database but is deleted.

Open includes/login.inc.php and go – in the actual version 2.3.6.1 – to line 40. There is the only place, where the IP-entries are deleted from the database. There is the hardcoded lifetime period of banned IPs. Change the time (INTERVAL 10 MINUTE) in the WHERE-clause.

"DELETE FROM ".$db_settings['login_control_table']." WHERE time < (NOW()-INTERVAL 10 MINUTE)"

Tschö, Auge

--
Trenne niemals Müll, denn er hat nur eine Silbe!

Temporarily blocked for logins (Change time limit?)

by Magma, Tuesday, September 20, 2016, 23:46 (2746 days ago) @ Auge

Thanks, did what you said and it works perfectly.

Avatar

Temporarily blocked for logins (Change time limit?)

by Auge ⌂, Wednesday, October 05, 2016, 18:56 (2731 days ago) @ Magma

Hello

When you fail to login after the third attempt you get blocked for I think 5-10 minutes. Is there a way for admin to increase this time limit?

With the new version 2.3.7 (at the moment in beta stage) you are able to change the setting in the advanced-settings-page. The setting temp_block_ip_after_repeated_failed_logins, I mentioned in my other entry, changed from an off-on-switch (value 0 or 1) to an off-timesetting-switch (value 0 for off or > 0 (time in minutes)).

Tschö, Auge

--
Trenne niemals Müll, denn er hat nur eine Silbe!

RSS Feed of thread