Announcement

Collapse
No announcement yet.

Feature request on brute force on Magento

Collapse
X
Collapse
 
  • Page of 1
  • Filter
  • Time
  • Show
Clear All
new posts
Previous template Next
  • #1

    Feature request on brute force on Magento

    Hello,

    I just tested to brute force a Magento admin/downloader url, but was not blocked.
    We also have Comodo WAF, but either cwaf or Imunify did block the brute force attack.

    Could you please get a rule to block ip after 10 attempts within 2 minutes or something?

    https://magento.com/security/best-practices/protect-your-magento-installation-password-guessing-new-update
    Tags: None
  • #2
    1) Please check whether brute force testing is performed from the same IP you are connecting to WHM (as it is auto-whitelisted)
    2) Were any incidents added while you were brute force testing Magento?

    Comment

    • #3
      1. I tried different IPs trough VPN and none of those had been listed on the server in anyway.
      2. No. I guess you dont have any rule for that yet.

      Comment

      • #4
        Hi Morten,

        I am sorry for turning back so late. We are working on adding the rule (internal task tracker id: DEFA-110) and will post the update 10/27/17, the latest.

        Comment

        • #5
          Thanks Oleksiy!
          But I cannot see it yet and not in 2.6.1 either...

          Comment

          • #6
            Hi Morten,

            Our dev for task DEFA-110 is on sickleave thus I regret to inform that ETA for this task was shifted to 10/3/2017.

            We will keep you updated.

            Comment

            • #7
              Any new update?

              Comment

              Previous template Next
              Working...
              X