
[ticket/9992] Adding a limit on login attempts per IP.

A new table was created to save all failed login attempts with
corresponding information on username, ip and useragent. By default
the limit is 50 login attempts within 6 hours per IP. The limit is
relatively high to avoid big problems on sites behind a reverse
proxy that don't receive the forwarded-for value as REMOTE_ADDR but
see all users as coming from the same IP address. But if these
users run into problems a special forwarded-for option is available
to limit logins by forwarded-for value instead of ip.

PHPBB3-9992
Nils Adermann
2011-06-10 12:02:59 +02:00
parent fc9b126691
commit 2dee57fd43
17 changed files with 343 additions and 16 deletions


@ -458,12 +458,18 @@ $lang = array_merge($lang, array(
'FORM_TIME_MAX_EXPLAIN' => 'The time a user has to submit a form. Use -1 to disable. Note that a form might become invalid if the session expires, regardless of this setting.',
'FORM_SID_GUESTS' => 'Tie forms to guest sessions',
'FORM_SID_GUESTS_EXPLAIN' => 'If enabled, the form token issued to guests will be session-exclusive. This can cause problems with some ISPs.',
'FORWARDED_FOR_VALID' => 'Validated <var>X_FORWARDED_FOR</var> header',
'FORWARDED_FOR_VALID' => 'Validate <var>X_FORWARDED_FOR</var> header',
'FORWARDED_FOR_VALID_EXPLAIN' => 'Sessions will only be continued if the sent <var>X_FORWARDED_FOR</var> header equals the one sent with the previous request. Bans will be checked against IPs in <var>X_FORWARDED_FOR</var> too.',
'IP_VALID' => 'Session IP validation',
'IP_VALID_EXPLAIN' => 'Determines how much of the users IP is used to validate a session; <samp>All</samp> compares the complete address, <samp>A.B.C</samp> the first x.x.x, <samp>A.B</samp> the first x.x, <samp>None</samp> disables checking. On IPv6 addresses <samp>A.B.C</samp> compares the first 4 blocks and <samp>A.B</samp> the first 3 blocks.',
'MAX_LOGIN_ATTEMPTS' => 'Maximum number of login attempts',
'MAX_LOGIN_ATTEMPTS_EXPLAIN' => 'After this number of failed logins the user needs to additionally solve the anti-spambot task.',
'IP_LOGIN_LIMIT_MAX' => 'Maximum number of login attempts per IP address',
'IP_LOGIN_LIMIT_MAX_EXPLAIN' => 'Once the count of failed logins from an IP address exceeds this limit any login from the IP address requires solving an anti-spambot task. Select 0 to disable the limit, so that no tasks need to be solved.',
'IP_LOGIN_LIMIT_TIME' => 'IP address login attempt expiration time',
'IP_LOGIN_LIMIT_TIME_EXPLAIN' => 'Login attempts expire after this period, in seconds.',
'IP_LOGIN_LIMIT_USE_FORWARDED' => 'Limit login attempts by <var>X_FORWARDED_FOR</var> header',
'IP_LOGIN_LIMIT_USE_FORWARDED_EXPLAIN' => 'Instead of limiting login attempts by IP address they are limited by <var>X_FORWARDED_FOR</var> values. <br /><em><strong>Warning:</strong> Only enable this if you are operating a proxy server that sets <var>X_FORWARDED_FOR</var> to trustworthy values.</em>',
'MAX_LOGIN_ATTEMPTS' => 'Maximum number of login attempts per username',
'MAX_LOGIN_ATTEMPTS_EXPLAIN' => 'Logging into a user account requires solving an anti-spambot task after the count of failed logins for the account exceeds this limit ',
'NO_IP_VALIDATION' => 'None',
'NO_REF_VALIDATION' => 'None',
'PASSWORD_TYPE' => 'Password complexity',
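Review bot: The warning in `IP_LOGIN_LIMIT_USE_FORWARDED_EXPLAIN` tells the admin when to enable the option but not what is lost otherwise. `X_FORWARDED_FOR` is a request header, so unless a trusted proxy overwrites it the value is chosen by the client, and the per-IP limit would then be keyed on data the client controls and would no longer bound login attempts. I would state that consequence in the string, for example by appending `Otherwise the value is supplied by the client and the limit can be avoided.` inside the `<em>`. Separately, the per-username `MAX_LOGIN_ATTEMPTS_EXPLAIN` text ends in `exceeds this limit '` with a trailing space and no full stop, unlike the neighbouring `_EXPLAIN` strings; `exceeds this limit.'` would match them. The enclosing `array_merge($lang, array(` call starts and ends outside this hunk.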