View ProjeQtOr On SourceForge.net
ProjeQtOr - Project Management Tool
Supportez nous sur Capterra
OIN - Open Invention Network
ProjeQtOr free project management software - Preventing account lockout by DDOS - ProjeQtOr

Prochaines sessions de formation

Les prochaines formations et démonstrations sont ouvertes, inscrivez-vous rapidement !

 

Démonstration de ProjeQtOr

(gratuit, sur inscription)

Mardi 23 avril (10h30-12h)

Jeudi 16 mai (16h-17h30)

Jeudi 13 juin (10h30-12h)

  
 

Planifiez avec ProjeQtOr

3 et 4 avril (9h - 12h30)

  
 

Administrez avec ProjeQtOr

10 et 11 avril (9h - 12h30)

  

 

 
 

Preventing account lockout by DDOS

More
10 Oct 2021 23:11 #1 by fathibn
Preventing account lockout by DDOS was created by fathibn
Hi,
ProjeQtor beeing a web application that some of us expose to the internet. I recently got my admin account locked probably du to many wrong supplied passwords. I suggest to add some sort of "Challenge" on the login page like captcha to prevent accounts beeing locked.

Please Connexion or Create an account to join the conversation.

More
15 Oct 2021 11:39 #2 by babynus
Replied by babynus on topic Preventing account lockout by DDOS
Some captcha will be very anoying for most users.
Enter a captcha for every connection is not desired. Some users connect several times a day... (and we do connect dozains of times a day...)
I would advide you to protect your server with fail2ban for instance, and set limit lower than limit in projector.
This way, a hacher you be banned (his IP is banned) after (for instance) 3 attempts, while ProjeQtOr account will be locked only after 5 attempts.
So youi'll have 2 attempts to connect and reset projeqtor wrong connection count...
Babynus
Administrator of ProjeQtOr web site
The following user(s) said Thank You: fathibn

Please Connexion or Create an account to join the conversation.

More
17 Oct 2021 14:50 #3 by fathibn
Replied by fathibn on topic Preventing account lockout by DDOS
Thank you @babynus. I will have to figure-out how to prevent fail2ban to block the ip address of my reverse proxy ssl which projeqtor is behind it. Butn that sound good until I figure out how to do saml authentication against lemonldap-ng, which will solve all the this problems and also the problems of several/tnes/hundreds connections a day.

Please Connexion or Create an account to join the conversation.

More
18 Oct 2021 14:24 #4 by babynus
Replied by babynus on topic Preventing account lockout by DDOS
If you have a reverse prowy, it his his duty to block DDOS attacks
Babynus
Administrator of ProjeQtOr web site

Please Connexion or Create an account to join the conversation.

More
18 Oct 2021 15:08 #5 by fathibn
Replied by fathibn on topic Preventing account lockout by DDOS
:-) correct. Mine is just a ssl termination one, no packets mangling, no firewalling, no WAF.

Please Connexion or Create an account to join the conversation.

Moderators: babynusprotion
Time to create page: 0.037 seconds

Paramétrages de cookies

×

Cookies fonctionnels

Ce site utilise des cookies pour assurer son bon fonctionnement et ne peuvent pas être désactivés de nos systèmes. Nous ne les utilisons pas à des fins publicitaires. Si ces cookies sont bloqués, certaines parties du site ne pourront pas fonctionner.

Session

Veuillez vous connecter pour voir vos activités!

Autres cookies

Ce site web utilise un certain nombre de cookies pour gérer, par exemple, les sessions utilisateurs.

Login Form