+- ispCP - Board - Support (http://www.isp-control.net/forum)
+-- Forum: ispCP Omega Contributions Area (/forum-40.html)
+--- Forum: Enhancements (/forum-43.html)
+--- Thread: Captcha bruteforce protection for ispCP CP login (/thread-16340.html)
Captcha bruteforce protection for ispCP CP login - fulltilt - 10-17-2012 06:00 PM
Captcha bruteforce (login bot) protection
it is not enough just to block the IP of the attacker if he has a large IP pool and they are constantly changing
this modification displays the login form only if a valid captcha has been sent
- captcha w/ md5 & secret
- set own captcha cookie
- cookie valid for 1 minute
- coookie will be deleted if passed the check
- no reloads possible on login form
you should change the secret in index.php & captcha.php (use same secret in both files)
$secret = '123456789';
1. copy captcha.tpl & captcha_message.tpl to:
/var/www/ispcp/gui/themes/
2. copy captcha.php, index.php & tahoma.ttf to:
/var/www/ispcp/gui/
3. set permissions
/var/www/ispcp/engine/setup/set-gui-permissions.sh
RE: Captcha bruteforce protection for ispCP CP login - jakub.artur - 11-13-2012 03:07 AM
hi
also can modify Captcha to version 1.6.0 ?
I used the Captcha panel that also was active in another function , the link to see their application http://www.panel.redehost.pl/poczta/