I know that with bank logins it’s usually 3 strikes and your account is frozen
for a certain period of time.
How come CS-Cart and most other login systems don’t have this measure?
Easier said than done I guess.
Just curious.
Try this
Thanks johnbol1.
My problem is that my IP is dynamic so I could find myself locked out…lol
Secondly I was more curious about how dictionary and bf attacks are prevented
generally as in bank logins where you only get 3 shots before your account gets locked.
These could be set via WHM if you're on dedicated, I think
Shared server and dynamic IP address.
Oh well…I was just curious.
I believe cs-cart used to handle this back in V2 by storing the number of failed login attempts in the user's session, and if it exceeded some setting value (5 if I recall) then any further attempts would be blocked for some period of time (like 15 minutes). Each failed attempt had a built-in delay by sleeping for 10 seconds between attempts. It would be a relatively easy mod to make. However, a smart hacker would use a different IP for each attempt (rotating through many), which would cause a separate session for each.
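The limitation raised in the post above, as an added example that is not part of the thread and is not CS-Cart or Access Restrictions code: a failure counter using the 5-attempt, 15-minute values recalled there, replayed over constructed login attempts to compare counting per IP with counting per account. All class and function names are hypothetical.

```python
import time

MAX_FAILURES = 5            # threshold recalled in the post
LOCKOUT_SECONDS = 15 * 60   # block period recalled in the post


class FailureThrottle:
    """Blocks a key for LOCKOUT_SECONDS once it reaches MAX_FAILURES."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._state = {}  # key -> (failure_count, blocked_until)

    def is_blocked(self, key):
        _, until = self._state.get(key, (0, 0.0))
        if until and self._clock() >= until:
            self._state.pop(key, None)  # lockout expired: start fresh
            return False
        return until > 0

    def record_failure(self, key):
        count, until = self._state.get(key, (0, 0.0))
        count += 1
        if count >= MAX_FAILURES:
            until = self._clock() + LOCKOUT_SECONDS
        self._state[key] = (count, until)

    def record_success(self, key):
        self._state.pop(key, None)  # a good login clears the counter


def simulate(key_of, attempts, clock):
    """Replay failed attempts; return how many reached the password check."""
    throttle = FailureThrottle(clock)
    checked = 0
    for attempt in attempts:
        key = key_of(attempt)
        if throttle.is_blocked(key):
            continue  # rejected before the password is even compared
        checked += 1
        throttle.record_failure(key)
    return checked


# Constructed sample: 40 failed logins for one account, each from a new IP.
ROTATING = [{"user": "admin@example.com", "ip": f"203.0.113.{i}"} for i in range(40)]
# Constructed sample: 40 failed logins for one account from a single IP.
SINGLE_IP = [{"user": "admin@example.com", "ip": "198.51.100.7"} for _ in range(40)]
```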
It's the Access Restrictions addon which is still available in 4.x.
DOH !! Thanks TT.
I am still using 3.0.6
Access Restrictions now configured.
Attempts from multiple IPs can get around it but at least
each IP will only get 5 attempts and not zillions.
Thanks again.
Memory ain't what it used to be. Must be a social media attack. Too much worthless information taking up space! 😊
tbirnseth…all's well that ends well.