Can Brute Force Or Dictionary Attacks Be Prevented?

I know that with bank logins it's usually 3 strikes and your account is frozen for a certain period of time.

How come CS-Cart and most other login systems don't have this measure?

Easier said than done I guess.

Just curious.

Try this

Thanks johnbol1.

My problem is that my IP is dynamic so I could find myself locked out…lol

Secondly I was more curious about how dictionary and bf attacks are prevented generally, as in bank logins where you only get 3 shots before your account gets locked.

These could be set via WHM if you're on dedicated, I think.

Shared server and dynamic IP address.

Oh well…I was just curious.

I believe CS-Cart used to handle this back in V2 by storing the number of failed login attempts in the user's session, and if it exceeded some setting value (5 if I recall) then any further attempts would be blocked for some period of time (like 15 minutes). Each failed attempt had a built-in delay by sleeping for 10 seconds between attempts. It would be a relatively easy mod to make. However, a smart hacker would use a different IP for each attempt (rotating through many), which would cause a separate session for each.

It's the Access Restrictions addon which is still available in 4.x.

DOH !! Thanks TT.

I am still using 3.0.6

Access Restrictions now configured.

Attempts from multiple IPs can get around it but at least each IP will only get 5 attempts and not zillions.

Thanks again.
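
Added example, not part of any post in this thread and not CS-Cart's or the Access Restrictions addon's code: a Python comparison of the session-keyed counter and the per-IP limit described above with the bank-style per-account lockout from the first post, using the 5-attempt and 15-minute values recalled in the thread. The class, the function names and the sample attempts (documentation-range IPs, an example.com account) are constructed for illustration.

```python
import time

MAX_FAILURES = 5             # attempts allowed per key, as recalled in the thread
LOCKOUT_SECONDS = 15 * 60    # block period recalled in the thread


class FailureThrottle:
    """Counts failed logins per key; blocks a key once it reaches the limit."""

    def __init__(self, clock=time.monotonic):
        self.clock = clock
        self.state = {}          # key -> (failure_count, blocked_until)

    def is_blocked(self, key):
        _, until = self.state.get(key, (0, None))
        if until is not None and self.clock() >= until:
            del self.state[key]  # lockout expired: start counting afresh
            return False
        return until is not None

    def record_failure(self, key):
        count = self.state.get(key, (0, None))[0] + 1
        until = self.clock() + LOCKOUT_SECONDS if count >= MAX_FAILURES else None
        self.state[key] = (count, until)


def guesses_checked(key_for, attempts):
    """Replay wrong guesses; return how many reached the password check."""
    throttle = FailureThrottle(clock=lambda: 0.0)  # frozen clock: one burst
    checked = 0
    for attempt in attempts:
        key = key_for(attempt)
        if throttle.is_blocked(key):
            continue                 # rejected before any password comparison
        checked += 1
        throttle.record_failure(key)
    return checked


# Constructed sample: 100 wrong guesses at one account, new IP and session each time.
ROTATING = [{"user": "owner@example.com", "ip": f"203.0.113.{i}", "session": f"s{i}"}
            for i in range(100)]
# Constructed sample: the same 100 guesses from a single IP and session.
SINGLE = [{"user": "owner@example.com", "ip": "198.51.100.7", "session": "s0"}] * 100

by_session = lambda a: ("session", a["session"])
by_ip = lambda a: ("ip", a["ip"])
by_account = lambda a: ("account", a["user"].lower())

if __name__ == "__main__":
    for name, key_for in (("session", by_session), ("ip", by_ip), ("account", by_account)):
        print(name, guesses_checked(key_for, SINGLE), guesses_checked(key_for, ROTATING))
```

Keying on the account is the only one of the three that holds when the IP and session change on every attempt, and it also means the real owner is blocked for the lockout period while the guessing continues.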

Memory ain't what it used to be. Must be a social media attack. Too much worthless information taking up space! 😊

tbirnseth…all's well that ends well.