× Here you can ask for new features. Please ensure that the requested feature is not implemented already in the latest release.

Hier kommen Feature-Anfragen zu den Erweiterungen rein. Bitte sicherstellen, dass das gew├╝nschte Feature in der aktuellen Version nicht bereits implementiert ist.

To add ECC+ protection as an option to Login Form, too

5 years 10 months ago #6969 by GammX1
Hi Viktor,
First of all thanks a lot for ECC+...
AS already included on my recent JED review for your ECC+ plugin I wish to ask you to consider to include, as an option at the ECC+ backend config. panel, the possibility to select ECC+ protection to the Login Form, too
This should stop the failed daily BOT login attempts received daily that are recorded and warned by a built-in firewall component that we would have installed (and only real human failed login alerts should be email warned & recorded)
For your guidance Alikon options: extensions.joomla.org/extensions/owner/alikon should be an option, because advertise supports that, but I tested both and I like yours because much better fit on my template + Alikon requires complementary add-ons to have installed to work correctly that I would like to avoid.
Thanks in advance for your attention & quick feedback,
Rgrds,
GammX1

5 years 10 months ago #6970 by Vitja
Hi GammX1,

thank you very much for your interest in ECC+ and your review in the JED!

The main problem is that ECC+ is only triggered in certain components. The login module can be displayed on every page, so the plugin can not protect this form adequately.

Have you tried some available solutions for this problem?

extensions.joomla.org/extensions/access-...in-restriction/20032
extensions.joomla.org/extensions/access-.../login-redirect/6495
extensions.joomla.org/extensions/access-...login-redirect/15486

Of course I could extend ECC+ with some of the functionalities which the other plugins offer. What do you think? What would be a good solution (without a visible spam check due the described problem above)?

Regards

Kubik-Rubik Joomla! Extensions

Please support my work with a review in the Joomla! Extensions Directory: extensions.joomla.org/profile/profile/details/61997
The following user(s) said Thank You: GammX1
5 years 10 months ago - 5 years 10 months ago #6971 by GammX1
Thanks for your quick answer...
Let me have to explain you which is my scenario to better give you the idea:
1) I'm using Akeeba Admin Tools pro as the main protection layerand its by itself covers most of the features offered by your commented Login Failed Log Plugin, Redirect Failed Login & Max Failed Login Attempts Plugin add-ons including the option to email me failed login attempts & setting max. failed login attemtps by IP during a pre-set time + added to IP backlist if still attempting iwhen the max. pre-set attempts is over-passed.
2) I would not like to use the redirection to other page because this setting would punish real human and legitimate users after just a typing mistake during the login process
3) Particularly in my site, the login module is only shown once because I have created my own custom module with the needed links that points to each 'login', 'register', 'reminder', 'reset' forms (That means that my custom module can be published on every page if I wish but the real 'login', 'register', 'reminder', 'reset' forms should only available once under a hidden-custom-menu-link.
>> Doing that, as explained, the real login module should be only published once under a single and unic place/ position (note: the default login Joomla! module is set at mi site visible only for registered Users converting it to a "Logout module" instead than a 'Login' module).

TARGET:
- As mentioned before 'Admin Tools' send me a warning email after each failed login alert feature very welcome if that is comming from a real human login failure (mainly to have the option to check the way to help or check if that's happens because a site bug or not)
- Could be acceptable to force the real user/ members to set a math validation or an obious right answer at the login form but not to redirect them other page if the had just a typing mistake but I would like to stop reduce the nr of emails received because the BOT login attempts.

CONCLUSION: What I wish to protect is the Component Login and not the Module Login

MAYBE A CRAZY IDEA:
- If you still think that to include a Math or obvious question answer is not possible: May be to include a visible time-down counter delay at the frontend Login form (preset at the backend for the Login Form aka 5, 6. 7, 8 seconds) should be acceptable and I think should be enough to the stop the always very fast BOTs fulfil the login form at their login attempts. Of course the delay cont-down time should need to start at the Login form loading moment. You have the last word if that should be feasible or not :-)

Thanks again for your attention,
GammX1
5 years 10 months ago - 5 years 10 months ago #6973 by GammX1
[TEMPORARILY SOLVED]

Seems I have no other way than to install the Alikon solution, too but only enabling that one just for Component Login and
1) Keeping ECC+ for the others 'component' register, remind, and reset forms just to keep the possibility to use the ECC+ double question feature: 'easy-math' plus 'obvious-answer-question' enabled at once.
2) And setting the default Login module only available for 'registered' Users ... that converts itself as a 'Logout module' instead that a 'Login Module'

>> Of course, should be better to have ECC+ only installed instead than to have double CAPTCHA protection installed but...

I have no doubt, you will see the way to add this feature based on the given guidelines. I'll stay tuned! ;-)
Thanks again for all, and keep-up the good work!
Cheers!
GammX1
5 years 10 months ago #6977 by Vitja
Hi GammX1,

thank you for your thoughts and the feedback.

I will think about a solution! I have already an idea, have to think about it in more detail.

Regards

Kubik-Rubik Joomla! Extensions

Please support my work with a review in the Joomla! Extensions Directory: extensions.joomla.org/profile/profile/details/61997
5 years 10 months ago - 5 years 10 months ago #6988 by Vitja
Hi GammX1,

I did some tests. It is easier than I have expected. In Joomla! 2.5 the users are redirected automatically to the login form in the component view if they type the name or password wrong. So ECC+ just have to protect this login form without any further actions.

EDIT: Okay, not so easy. I have to implement a counter how many times the password was entered wrong to avoid direct POST requests...

I will implement this in the next release!

Regards

Kubik-Rubik Joomla! Extensions

Please support my work with a review in the Joomla! Extensions Directory: extensions.joomla.org/profile/profile/details/61997
The following user(s) said Thank You: GammX1
5 years 10 months ago #7023 by Vitja
Hi GammX1,

have implemented the new function.

Do you want to test it?

Regards

Kubik-Rubik Joomla! Extensions

Please support my work with a review in the Joomla! Extensions Directory: extensions.joomla.org/profile/profile/details/61997
The following user(s) said Thank You: GammX1
5 years 10 months ago #7024 by GammX1
of course!... let me have the link from where to download it and I'll report you the results at mi side!
If you need to send the download link privately, just let me know and I'll provide you my email address
I'll stay tuned!
rgrds,
Gammx1
5 years 10 months ago #7027 by Vitja
Okay! :)

Here we go:


Part of the message is hidden for the guests. Please log in or register to see it.


You have to enable the option "User Login" and set a number for "Max. login attempts".

Looking forward to hearing from you. ;)

Regards

Kubik-Rubik Joomla! Extensions

Please support my work with a review in the Joomla! Extensions Directory: extensions.joomla.org/profile/profile/details/61997

This message has an attachment file.
Please log in or register to see it.

The following user(s) said Thank You: GammX1
5 years 10 months ago #7028 by GammX1
Got it! I'll test it now and I'll keep you informed.
Time to create page: 0.147 seconds