+- MN Forum (http://forum.mn-shop.com)
+-- Forum: Products (http://forum.mn-shop.com/forum-products.html)
+--- Forum: Mods & Customisations (http://forum.mn-shop.com/forum-mods-customisations.html)
+---- Forum: Paid modules (http://forum.mn-shop.com/forum-paid-modules.html)
+---- Thread: User account security module (/thread-user-account-security-module.html)
User account security module - luisfer91 - 11-04-2013
Hi I coded a module which will block user account if there are more than 5 wrong attempts to enter in an account. ThE reason i coded this is because The script is vulnerable to brute forcé attacks in login, ive had several accounts which have been stolen.
This module prevents from accounts being stolen And blocks them after 5 attempts making the user have to use The forgot password page to access again to their account.
Im selling this module for 15$, comes with documentation and videotutorial in phpmyadmin to create a new column in users table
RE: User account security module - Galaxian - 11-05-2013
I really hope that this gets added to the original script...
RE: User account security module - Mezo - 11-05-2013
@Galaxian i hope it too
RE: User account security module - Daxter - 02-13-2015
Hello,
Was added on v2.1.0
Regards!
RE: User account security module - sultime - 02-13-2015
(02-13-2015, 06:03 AM)Daxter Wrote: Hidden content for guests
This is correct
RE: User account security module - igrok0075 - 02-13-2015
(02-13-2015, 06:03 AM)Daxter Wrote: Hidden content for guestsBlock on time ?, not amuse !, proxy to bypass such protection. When you just need to change ip, asking a security question.
RE: User account security module - Damasc - 02-13-2015
Hello,
Such a system have big disadvantages, if somebody wants to harm your website, in just few minutes it can make all your users to need to change their passwords. A big part from those users will hate this thing and will no longer activate on your site, in short time you will lose almost all your active users. Use it carefully!
RE: User account security module - Daxter - 02-13-2015
(02-13-2015, 08:07 AM)igrok0075 Wrote: Hidden content for guests
I'm certainly agree with you! Brute-force attacks are surprisingly difficult to stop completely, they are easy to detect because each failed login attempt records an HTTP 401 status code in your server logs. It is important to monitor your log files for brute-force attacks in particular, the intermingled 200 status codes that mean the attacker found a valid password. Also we can prevent brute-force attack by using a captcha code. Anyway, with this new feature in PES Pro you can limit your exposure to these attacks. This is just the beginning. Perhaps the admin will develop this tools in better way in the future.
Regards!