Bug #266: Login Anti-Brute Force deter
ID | #266 |
---|---|
Submitter | Apollo |
Product | EOSERV |
Severity | Normal |
Status | CLOSED, FIXED |
Submitted | 17th Oct 2013 |
Updated | 1st Feb 2014 |
Rev# | Date | Description |
---|---|---|
r392 | 01 Feb 2014 10:20:23 UTC | Disconnect user after a set number of failed login attempts (bug #266). |
11 years, 11 weeks ago
EOSERV currently lets any connection spam password attempts as fast as the queue will allow. There should be an enforcement of attempts(config) and a disconnect afterwards. Might also be worth adding a warning to error.log when an IP triggers this so faggotry can be traced somewhat.
Comments
11 years, 9 weeks ago
Updated Status to CONFIRMED
10 years, 48 weeks ago
Fixed in r392. MaxLoginAttempts configures number of attempts before disconnecting, and IPReconnectLimit will enforce the throttling.
Updated Status to CLOSED, FIXED
Add Comment
Please don't post unless you have something relevant to the bug to say.
Do not comment to say "thanks" or "fix this please".
Please log in to add comments. EOSERV Bug Tracker > Bug #266: Login Anti-Brute Force deter