[Plugin: Limit Login Attempts] Can a hacker fake the IP address and get past this blocker?

  • Resolved MNL345

    (@mnl345)


    13 years, 8 months ago

    I’ve heard that hackers can falsify their IP address or even leave it blank so the server cannot read anything. Would this plugin be able to detect a number of invalid attempts on a single login name if they came from multiple, sufficiently diverse IP addresses? If not, could you please include in the next version this additional ability?

Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Contributor johanee

    (@johanee)

    No, they cannot use a false IP address to make login attempts.

    As for an attempt using a large number of IP addresses (many computers): it doesn’t really help the attacker much as long as you have a good password (12+ truly random characters). We’re talking age of the universe time-frames here.

    Vezado

    (@vezado)

    They could use a proxy, tor or other anonymizing service to access the site from different addresses, but as johanee stated the most important thing is having a good password that makes brute forcing a password essentially impossible.

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘[Plugin: Limit Login Attempts] Can a hacker fake the IP address and get past this blocker?’ is closed to new replies.