Read the blogs!
Started by BeberGold, December 29, 2022, 02:08:53 AM
Quote from: Aleksi "Lex" Kilpinen on December 29, 2022, 10:58:25 AMThere is logic in SMF to offer some level of protection, and to redirect a user after failed attempts, but off the top of my head I can't really offer a more detailed description. The initial redirect threshold is configurable.
Quote from: Aleksi "Lex" Kilpinen on December 29, 2022, 12:19:44 PMIt's "Failed login threshold" under "Security" in the admin control panel. It will redirect a user to the "Forgot password" page after a set amount of failed login attempts, interrupting the normal login process.
Quote from: shawnb61 on December 29, 2022, 01:38:39 PMIn addition to that, there is password flood detection & control.If we detect multiple attempts within a 10 second window, we don't even let them know if they get it right...For more info, look at validatePasswordFlood() in LogInOut.php.
Quote from: BeberGold on December 29, 2022, 01:47:57 PMYou are asking me to look at code. Is there a GUI option to adjust the time window of this feature?If not, maybe it is something which could be added in future updates and therefore treated as a feature request?
Quote from: shawnb61 on December 29, 2022, 01:50:14 PMNo, these are not user-controllable parameters at this time. Feel free to log a request in the Requests board:https://www.simplemachines.org/community/index.php?board=3.0