Current time: 11-16-2024, 11:30 PM Hello There, Guest! (LoginRegister)


Post Reply 
Captcha bruteforce protection for ispCP CP login
Author Message
fulltilt Offline
Member
***

Posts: 1,225
Joined: Apr 2007
Reputation: 5
Post: #1
Captcha bruteforce protection for ispCP CP login
Captcha bruteforce (login bot) protection
it is not enough just to block the IP of the attacker if he has a large IP pool and they are constantly changing
this modification displays the login form only if a valid captcha has been sent

- captcha w/ md5 & secret
- set own captcha cookie
- cookie valid for 1 minute
- coookie will be deleted if passed the check
- no reloads possible on login form

you should change the secret in index.php & captcha.php (use same secret in both files)
$secret = '123456789';

1. copy captcha.tpl & captcha_message.tpl to:
/var/www/ispcp/gui/themes/

2. copy captcha.php, index.php & tahoma.ttf to:
/var/www/ispcp/gui/

3. set permissions
/var/www/ispcp/engine/setup/set-gui-permissions.sh


Attached File(s)
.zip  ispcp-captcha.zip.zip (Size: 210.72 KB / Downloads: 5)
(This post was last modified: 10-19-2012 08:56 PM by fulltilt.)
10-17-2012 06:00 PM
Find all posts by this user Quote this message in a reply
jakub.artur Offline
Junior Member
*

Posts: 30
Joined: Sep 2010
Reputation: 0
Post: #2
RE: Captcha bruteforce protection for ispCP CP login
hi
also can modify Captcha to version 1.6.0 ?

I used the Captcha panel that also was active in another function , the link to see their application http://www.panel.redehost.pl/poczta/
(This post was last modified: 11-13-2012 03:16 AM by jakub.artur.)
11-13-2012 03:07 AM
Find all posts by this user Quote this message in a reply
Post Reply 


Forum Jump:


User(s) browsing this thread: 2 Guest(s)