Come together with the global Drupal community in Rotterdam, 28 Sept – 1 Oct 2026. Sessions, contribution, connection, and Early Bird savings until 8 June.
By cantthinkofanickname on
I see that my site regularly gets attempts to login to admin and register. Although I have strong passwords and no registration allowed it concerns me that I should take further action (maybe use a further module to improve security or something).
I would appreciate some expert feedback on this subject.
Comments
_
I believe you can do some apache rewrite foo to make sure only certain referrers can get to the /user page-- check the apache docs. There's also some modules in the user authentication section of module downloads that might be useful (ie blacklist and restrict_by_ip).
Thanks, I do have Captcha
Thanks, I do have Captcha with a simple maths problem. Is this sufficient to stop auto logons?