+- ispCP - Board - Support (http://www.isp-control.net/forum)
+-- Forum: ispCP Omega Development Area (/forum-1.html)
+--- Forum: General discussion (/forum-11.html)
+--- Thread: Protect passchange page against bruteforce attack (/thread-11302.html)
Protect passchange page against bruteforce attack - bepe - 08-04-2010 09:51 PM
Hello,
I'm gonna use dolomike's script for client-side passchange:
http://isp-control.net/documentation/howto:miscellaneous:e-mail_ftp_sq_password_changer?s[]=change&s[]=password
but I have doubts.
Since it is unprotected against brute force cracking, I'd like to implement ISPCP's protection method (N seconds between attempts, IP ban after 3 unsuccessful attempts) for it.
How can I do that, or can my users change their password within an already protected ISPCP environment? (e.g inside webmail or other interfaces)
If there was any documentation about this, please point me to the right direction.
Thank you.
B.
RE: Protect passchange page against bruteforce attack - kilburn - 08-05-2010 12:41 AM
Check this thread.