Login Security Solution
[resolved] Not seeing slowdown during brute force attack [0.20.2]? (2 posts)

  1. bbeoj
    Posted 4 years ago #

    Let me start by saying that the attack was unsuccessful, in part due to the strong passwords enforced by this plugin.

    I'm using 0.20.2, and during an attack this weekend that lasted 2 and a half hours there were 1000 login attempts with only 9 to 12 seconds between each attempt.

    I received 50 emails - I expected that the attack would be slowed down more...?

    I can send any logs you need if you would like to take a look.



  2. Daniel Convissor
    Plugin Author

    Posted 4 years ago #

    Hi bbeoj:

    The attackers were using multiple processes against you. If the slowdown wasn't there, they would have gotten in multiple requests per second.

    Testing on my local dev box with valid auth credentials produces about 8 hits per second, which would add up to about 72,300 attempts in 2.5 hours. You only had 1,000.

    Thanks for the report,


Topic Closed

This topic has been closed to new replies.

About this Plugin

  • Login Security Solution
  • Frequently Asked Questions
  • Support Threads
  • Reviews

About this Topic