First of all thanks a lot for ECC+...
As already included on my recent JED review for your ECC+ plugin, I wish to ask you to consider including, as an option at the ECC+ backend config. panel, the possibility to select ECC+ protection for the Login Form, too.
This should stop the failed daily BOT login attempts received daily that are recorded and warned by a built-in firewall component that we would have installed (and only real human failed login alerts should be email warned & recorded)
For your guidance Alikon options: extensions.joomla.org/extensions/owner/alikon
should be an option, because advertise supports that, but I tested both and I like yours because much better fit on my template + Alikon requires complementary add-ons to have installed to work correctly that I would like to avoid.
Thanks in advance for your attention & quick feedback,
Of course I could extend ECC+ with some of the functionalities which the other plugins offer. What do you think? What would be a good solution (without a visible spam check due to the described problem above)?
5 years 10 months ago - 5 years 10 months ago #6971 by GammX1
Thanks for your quick answer...
Let me explain my scenario to give you a better idea:
1) I'm using Akeeba Admin Tools pro as the main protection layer, and it by itself covers most of the features offered by your commented Login Failed Log Plugin, Redirect Failed Login & Max Failed Login Attempts Plugin add-ons, including the option to email me failed login attempts & setting max. failed login attempts by IP during a pre-set time + added to IP blacklist if still attempting when the max. pre-set attempts is over-passed.
2) I would not like to use the redirection to another page because this setting would punish real human and legitimate users after just a typing mistake during the login process.
3) Particularly in my site, the login module is only shown once because I have created my own custom module with the needed links that point to each 'login', 'register', 'reminder', 'reset' forms (that means that my custom module can be published on every page if I wish, but the real 'login', 'register', 'reminder', 'reset' forms should only be available once under a hidden-custom-menu-link).
>> Doing that, as explained, the real login module should be only published once under a single and unique place/position (note: the default login Joomla! module is set at my site visible only for registered Users, converting it to a "Logout module" instead of a 'Login' module).
- As mentioned before, 'Admin Tools' sends me a warning email after each failed login alert, a feature very welcome if that is coming from a real human login failure (mainly to have the option to check the way to help or check if that happens because of a site bug or not).
- It could be acceptable to force the real users/members to set a math validation or an obvious right answer at the login form, but not to redirect them to another page if they had just a typing mistake, but I would like to reduce the number of emails received because of the BOT login attempts.
CONCLUSION: What I wish to protect is the Component Login and not the Module Login
MAYBE A CRAZY IDEA:
- If you still think that to include a Math or obvious question answer is not possible: maybe to include a visible time-down counter delay at the frontend Login form (preset at the backend for the Login Form, e.g. 5, 6, 7, 8 seconds) should be acceptable, and I think it should be enough to stop the always very fast BOTs filling in the login form at their login attempts. Of course the delay count-down time would need to start at the Login form loading moment. You have the last word on whether that is feasible or not.
Thanks again for your attention,
Last Edit: 5 years 10 months ago by GammX1.
5 years 10 months ago - 5 years 10 months ago #6973 by GammX1
It seems I have no other way than to install the Alikon solution, too, but only enabling that one just for Component Login and
1) Keeping ECC+ for the others 'component' register, remind, and reset forms just to keep the possibility to use the ECC+ double question feature: 'easy-math' plus 'obvious-answer-question' enabled at once.
2) And setting the default Login module only available for 'registered' Users ... that converts itself into a 'Logout module' instead of a 'Login Module'
>> Of course, it would be better to have only ECC+ installed instead of having double CAPTCHA protection installed but...
I have no doubt, you will see the way to add this feature based on the given guidelines. I'll stay tuned!
Thanks again for all, and keep-up the good work!
Last Edit: 5 years 10 months ago by GammX1. Reason: typing mistake
5 years 10 months ago - 5 years 10 months ago #6988 by Vitja
I did some tests. It is easier than I expected. In Joomla! 2.5 the users are redirected automatically to the login form in the component view if they type the name or password wrong. So ECC+ just has to protect this login form without any further actions.
EDIT: Okay, not so easy. I have to implement a counter for how many times the password was entered wrong to avoid direct POST requests...
Of course!... Let me have the link from where to download it and I'll report the results on my side to you!
If you need to send the download link privately, just let me know and I'll provide you my email address.
I'll stay tuned!
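
The failed-login counter mentioned in the EDIT of post #6988, sketched as an added example that is not part of the thread and is not ECC+ or Joomla! code. The class, method names, thresholds and the sample address are all hypothetical; the point is that the counter lives on the server and is keyed on the client address, so a POST sent straight to the login endpoint is held to the same rule as one sent from the protected form.

```php
<?php
declare(strict_types=1);

// Hypothetical sketch: none of these names come from ECC+ or Joomla!.
final class LoginGate
{
    /** @var array<string, array{count:int, first:int}> failures per client key */
    private array $failures = []; // a real plugin would persist this (DB or cache)

    public function __construct(
        private int $freeAttempts = 1,    // wrong passwords allowed before the check is enforced
        private int $windowSeconds = 900  // failures older than this are forgotten
    ) {}

    // True when a login POST from $key must carry a valid spam-check answer.
    public function checkRequired(string $key, int $now): bool
    {
        $f = $this->failures[$key] ?? null;
        if ($f === null || $now - $f['first'] > $this->windowSeconds) {
            unset($this->failures[$key]);
            return false;
        }
        return $f['count'] >= $this->freeAttempts;
    }

    // Decide one login POST. $checkOk is null when the request had no spam-check field.
    public function handle(string $key, bool $passwordOk, ?bool $checkOk, int $now): string
    {
        if ($this->checkRequired($key, $now) && $checkOk !== true) {
            $this->failures[$key]['count']++; // the password result is never revealed here
            return 'rejected: spam check missing or wrong';
        }
        if (!$passwordOk) {
            $this->failures[$key] ??= ['count' => 0, 'first' => $now];
            $this->failures[$key]['count']++;
            return 'failed: show component login form with spam check';
        }
        unset($this->failures[$key]); // successful login clears the counter
        return 'ok';
    }
}

// Constructed run: a client that posts straight to the login endpoint.
$gate = new LoginGate();
$key  = '203.0.113.7'; // constructed documentation address
echo $gate->handle($key, false, null, 1000), "\n"; // first wrong password
echo $gate->handle($key, false, null, 1001), "\n"; // direct POST, no check field
echo $gate->handle($key, true, null, 1002), "\n";  // right password, still no check field
echo $gate->handle($key, true, true, 1003), "\n";  // right password and valid check
```

A counter stored only in the visitor's session would not do this job, because a client that discards its cookie starts from zero on every request.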