EOSERV Bug Tracker > Bug #266: Login Anti-Brute Force deter

Bug #266: Login Anti-Brute Force deter

Login Anti-Brute Force deter
ID #266
Submitter Apollo
Product EOSERV
Severity Normal
Status CLOSED, FIXED
Submitted 17th Oct 2013
Updated 1st Feb 2014
Related SVN Revisions
Rev# Date Description
r392 01 Feb 2014 10:20:23 UTC Disconnect user after a set number of failed login attempts (bug #266).
Apollo Submitter 11 years, 11 weeks ago

EOSERV currently lets any connection spam password attempts as fast as the queue will allow. There should be an enforcement of attempts(config) and a disconnect afterwards. Might also be worth adding a warning to error.log when an IP triggers this so faggotry can be traced somewhat.

Comments

Sausage Developer 11 years, 9 weeks ago

Updated Status to CONFIRMED

Sausage Developer 10 years, 48 weeks ago

Fixed in r392. MaxLoginAttempts configures number of attempts before disconnecting, and IPReconnectLimit will enforce the throttling.

Updated Status to CLOSED, FIXED

Add Comment

Please don't post unless you have something relevant to the bug to say.
Do not comment to say "thanks" or "fix this please".

Please log in to add comments. EOSERV Bug Tracker > Bug #266: Login Anti-Brute Force deter