Advanced search  

News:

cpg1.5.48 Security release - upgrade mandatory!
The Coppermine development team is releasing a security update for Coppermine in order to counter a recently discovered vulnerability. It is important that all users who run version cpg1.5.46 or older update to this latest version as soon as possible.
[more]

Pages: [1]   Go Down

Author Topic: Captcha for login page?  (Read 998 times)

0 Members and 1 Guest are viewing this topic.

H4F

  • Coppermine newbie
  • Offline Offline
  • Posts: 2
Captcha for login page?
« on: April 27, 2020, 04:16:53 am »

Hi,

Default option is captcha for comments or new registration, but not for login page. I know there is an anti-ddos protection by limiting the amount of tries to 5. But in my case, as I run a host dedicated mostly to fansites, I have more than +700 sites with Coppermine on a single server. And we have noticed that from time to time there are DDOS attacks to Coppermine's login.php. Of course, under normal circumstances a servers doesn't have as many Coppermine installations as we have, but sometimes it is really frustrating as we can see most requests go to login.php.

Not to mention that the default limit for the anti-DDOS is 5, to change it we would have to ask our hostess to change it manually and in future installations as well, with a Captcha it would filter the ddos attacks easily.
Logged

H4F

  • Coppermine newbie
  • Offline Offline
  • Posts: 2
Re: Captcha for login page?
« Reply #1 on: April 27, 2020, 04:18:59 am »

Would also like to note that we have also added a mod_security rule to change it to 3 times instead of 5, but a captcha would be more helpful and would impact less on servers performance
Logged
Pages: [1]   Go Up
 

Page created in 0.016 seconds with 20 queries.