[Done] Brute Force Protection

4
4na4
silvestris
  • 1
  • 11 Aug '14

In real life there are many attemps to log-in on random accounts. Forum software should have some kind of preventing solution or log file. For example suspending an IP/account for a few minutes.

Weak password detection tool maybe? Or password strength checker & change password after x days.

nitely
Esteban C Borsani
  • 11 Aug '14

In real life there are many attemps to log-in on random accounts. Forum software should have some kind of preventing solution or log file. For example suspending an IP/account for a few minutes.

There is a throttling mechanism in place. You are protected against brute force attacks.

Weak password detection tool maybe? Or password strength checker & change password after x days.

Maybe as a plugin...

D
  • 17 Dec '14

is there any logfile? we have the problem that we cant upload files via spirit right now
and have no clue why.

are there filetype restrictions? (i think i remember only images jpg png gif, but every file type should be supported! with a MB limit)

nitely
Esteban C Borsani
  • 18 Dec '14

Hi!, logfiles are configure at project level. Since Spirit is just an app it can't help you there. If you are using the example settings then you will receive an email whenever an exception occurs. There are examples out there showing how to log to a file.

If the image you are trying to upload is not supported, then you will see an error right there in the comment box (you won't receive an email).

@derWalter

are there filetype restrictions? (i think i remember only images jpg png gif, but every file type should be supported! with a MB limit)

Yes, of course there are. Spirit is pretty secure in that area. It doesn't care about the extension, it rather checks if it is a real image. By defaults it'll allow ['jpeg', 'png', 'gif'], the most common ones. You can add more file types if you want to.

Right now it does not support file upload other than images.

MB limit should be restricted by your web server (ie: apache or nginx).

J
jeff
Jeff Wilson
  • 1
  • 22 Dec '14

cool.