[Plugin: Login Security Solution] Not seeing slowdown during brute force attack [0.20.2]?

  • Resolved bbeoj

    (@bbeoj)


    12 years, 3 months ago

    Let me start by saying that the attack was unsuccessful, in part due to the strong passwords enforced by this plugin.

    I’m using 0.20.2, and during an attack this weekend that lasted 2 and a half hours there were 1000 login attempts with only 9 to 12 seconds between each attempt.

    I received 50 emails – I expected that the attack would be slowed down more…?

    I can send any logs you need if you would like to take a look.

    Thanks!

    https://www.ads-software.com/extend/plugins/login-security-solution/

Viewing 1 replies (of 1 total)
  • Plugin Author Daniel Convissor

    (@convissor)

    Hi bbeoj:

    The attackers were using multiple processes against you. If the slowdown wasn’t there, they would have gotten in multiple requests per second.

    Testing on my local dev box with valid auth credentials produces about 8 hits per second, which would add up to about 72,300 attempts in 2.5 hours. You only had 1,000.

    Thanks for the report,

    –Dan

Viewing 1 replies (of 1 total)
  • The topic ‘[Plugin: Login Security Solution] Not seeing slowdown during brute force attack [0.20.2]?’ is closed to new replies.