Lock Accounts After "x" Failed Logins For "x" Mins

[.om]

Yeah on this board for members pre-display name..

But what about those who register with one type of login name, and something else as a display name? Then that doesn't reveal it.

So, yeah that's a good spot, but no, I mean something a little more guaranteed.

A simple solution to that would be using the registration field for display name as an optional field(something like the subscription manager field in ACP, where there is an option for it)...even if no default option is available or made available..it can be modded :)

[Wolfie]

Wouldn't that then make the initial display name equal to the login name, thus creating the very vuneralbility that I was mentioning AGAINST?

[.om]

well in that case../there must be some sort of a mask or option which enables/disables per group, the viewing of display name changes and maybe another option where per group options can be given where that group's disaply name change aint visible at all...for say an admin group..just like the IP being private..the display name can be displayed as "protected" and is not visible to anyone...this can also be as I said be extended on a per group basis.

[Shawn Dean]

I've done this mod for IPB 2.0.x. ^_^

[Logan]

Excellent mod!

Link: http://mods.invisionize.com/db/index.php/f/5182

[Wolfie]

Yeah ok.. Now how about making it for v2.1, but in a way where someone doesn't have to modify the PHP files. :D

[.John.]

Looks like LSS was pulled.

It's no longer available anywhere...

[Logan]

Yeah ok.. Now how about making it for v2.1, but in a way where someone doesn't have to modify the PHP files. :D

It'd be nice if Matt added it as a default feature in IPB 2.1 but I think he's done adding new features. But for now we can use Dean's mod for 2.0.

Dean, will you upgrade it to 2.1?

[Shawn Dean]

Huh?

More likely, yes.

[Wolfie]

Will you also make it so someone doesn't have to modify the php code? :D :D :D

[brunoXP]

[quote name='Wolfie

[Wolfie]

I mean like not needing for the PHP code to not be modified. That way updates to IPB can just be dropped in and the upgrader run, but still have the mods there already working. :)

[Arts&Faith]

Suggestion: EITHER (1) don't lock the username; block the IP address for x minutes OR (2) lock the user name for x minutes.

[Logan]

That's the point, lock the username/account for "x" minutes after "x" failed login attempts. Also, a good feature would be to send the owner of the account a link in their email to unlock their account immediately too. So time or email link to unlock.

[DjZvEr]

Very true, hmm. There must be something that could be put in place to stop / limit that from happening.

Block IP. the only problem with that is if someone uses a proxy.

I hope it too, Logan.

Just discussing about it, when do you think IPB 3.0 will be released? September 2006?

:)

Lets first wait for 2.1 and I think 3.0 is further away then that.

[dpeterson]

That's the point, lock the username/account for "x" minutes after "x" failed login attempts. Also, a good feature would be to send the owner of the account a link in their email to unlock their account immediately too. So time or email link to unlock.

Aren't you suggesting exactly what Dean's mod does ?... his mod sends out an email to the account holder so it can be unlocked.

[Rοb]

his mod sends out an email to the account holder so it can be unlocked.

Nice!
This sounds like an awesome feature suggestion :)

[Logan]

Aren't you suggesting exactly what Dean's mod does ?... his mod sends out an email to the account holder so it can be unlocked.

Yes I know, but I made that suggestion before I knew about Dean's mod.

[Wolfie]

Also it'd be nice to have as a default. I somehow doubt this one would make it, but if so, that'd be nice.