Announcement

Collapse
No announcement yet.

Feature request on brute force on Magento

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Feature request on brute force on Magento

    Hello,

    I just tested to brute force a Magento admin/downloader url, but was not blocked.
    We also have Comodo WAF, but either cwaf or Imunify did block the brute force attack.

    Could you please get a rule to block ip after 10 attempts within 2 minutes or something?


  • #2
    1) Please check whether brute force testing is performed from the same IP you are connecting to WHM (as it is auto-whitelisted)
    2) Were any incidents added while you were brute force testing Magento?

    Comment


    • #3
      1. I tried different IPs trough VPN and none of those had been listed on the server in anyway.
      2. No. I guess you dont have any rule for that yet.

      Comment


      • #4
        Hi Morten,

        I am sorry for turning back so late. We are working on adding the rule (internal task tracker id: DEFA-110) and will post the update 10/27/17, the latest.

        Comment


        • #5
          Thanks Oleksiy!
          But I cannot see it yet and not in 2.6.1 either...

          Comment


          • #6
            Hi Morten,

            Our dev for task DEFA-110 is on sickleave thus I regret to inform that ETA for this task was shifted to 10/3/2017.

            We will keep you updated.

            Comment


            • #7
              Any new update?

              Comment

              Working...
              X