Howard L Martinez Posted August 28, 2018 Share Posted August 28, 2018 hello, I am facing every time a problem people run some bot to crack my users username:pass they run like a bot who try to log in, like now I am facing more than 7 thousand guests all from the different IPs try to login...how I stop this when no recaptcha available on login screen...! what I do else only I have one option to turn off my website right now and wait for the bot to stop..! I don't want to use third-party plugins and pay for them, why u don't put this built in if some one wants to put recaptcha on login screen he has an option please think about this Link to comment Share on other sites More sharing options...
Mark Posted August 29, 2018 Share Posted August 29, 2018 It should lock the account after 3 failed attempts unless you have disabled that feature? Link to comment Share on other sites More sharing options...
Howard L Martinez Posted August 29, 2018 Author Share Posted August 29, 2018 they din't try one user:pass many time. they upload one big user:pass combo and try to find any successfull hit..! my website like not working from yesterday.. because some one run the config on my website right now 6 thousand guest trying to login..! what i do now?? the support team tell me this problem didn't resolve even if i turn off the community because they still have to login option..! check this all guest from diffrent ips...! so i don't even ban the proxy http://prntscr.com/ko2tvl Link to comment Share on other sites More sharing options...
bfarber Posted August 29, 2018 Share Posted August 29, 2018 Adding CAPTCHA to the login screen may (possibly) prevent any logins from working, but wouldn't prevent the actual behavior/activity going on. A script could still flood you with thousands of requests. This is known as a DDOS, and is something better mitigated by the webhost than the software. Link to comment Share on other sites More sharing options...
AndyF Posted August 29, 2018 Share Posted August 29, 2018 There was a plugin/hook to add this at one point although a cursory search did not show anything for the latest IPS4.3 series. Having said that it should not be too difficult for a third party coder to write something to add this functionality but I agree with BFarber it sounds more like a DDOS so the Captcha may not really assist that much. Link to comment Share on other sites More sharing options...
DawPi Posted August 29, 2018 Share Posted August 29, 2018 Link to comment Share on other sites More sharing options...
Howard L Martinez Posted August 30, 2018 Author Share Posted August 30, 2018 ya i install the plugin- but still 9 to 10 thousand guest try to login at the same time...! Link to comment Share on other sites More sharing options...
bfarber Posted August 30, 2018 Share Posted August 30, 2018 3 hours ago, Howard L Martinez said: ya i install the plugin- but still 9 to 10 thousand guest try to login at the same time...! 23 hours ago, bfarber said: Adding CAPTCHA to the login screen may (possibly) prevent any logins from working, but wouldn't prevent the actual behavior/activity going on. A script could still flood you with thousands of requests. This is known as a DDOS, and is something better mitigated by the webhost than the software. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.