Does this currently in place?

I'm not so clear on "Request Time delay: On any failed login, a time delay is included to the submit
request, hardenning any bruteforce attack to the login form." i don't think it's the same thing as my support issue here?

Comments

ilo’s picture

ilo commented

There is a soft-blocking feature, that will render the login form useless when a host is trying to submit several passwords. This is a temporary login block, but not for a single user, but a host.

From the readme:

- Invalidate login form submission: when the soft-block protection flag is
enabled the login form is never submited, and any new login request will
fail, but the host could still access the site.

Is this what you are looking for?

najibx’s picture

najibx commented

I think Track time:
(Enter the time that each failed login attempt is kept for future computing)
is an answer to for soft-block protection.

Say I put 1 hour, within an hour any re-login try is ignored and only after 1 hour, visitor able to login again... Likewise, if I put 24 hours, only the next day visitor can login again.

thus a temporary blocking to login attempt i was looking for. right?

ilo’s picture

ilo commented
Status: Active » Fixed

I guess you found a solution for you problem, please, reopen it if the issue is not fixed for you.

Status: Fixed » Closed (fixed)

Automatically closed -- issue fixed for 2 weeks with no activity.