I agree with Nikolas, as there seem to have been many, many brute force attacks on TYPO3 backends in the last weeks. It would be great to have an option in the Install Tool like this:
- Block an IP address after x login attempts in y seconds for z minutes/hours
- Or, if attackers change the IP address after every x attempts (I'm no security expert - is this possible?): block the complete backend for z minutes/hours if there are more than z attempts (regardless of the IP address) in the last y seconds.
I think such an option is very important and should be a core feature. Why?
- There is already a possibility to get informed about login attempts.
- If an attack starts, the admin gets many, many mails in a short time. If the admin cannot check mails for some hours, this will be hundreds or thousands of e-mails.
- If this happens: I think the sending server (meaning: my server!) could be blacklisted, because it suddenly sends so many mails in such a short time?
- And: if the admin cannot check mails for some hours, the attacker has many tries and could be successful.
I read that this can be solved with mod_security (http://www.derhansen.de/2013/09/blocking-brute-force-attacks-to-typo3.html or http://www.illutzmination.de/typo3-mod_security.html) or with fail2ban, but if I understood correctly, you need root access to the server for this?
So what about admins who are working with Managed VServers or Webhosting packages?
I found 2 extensions to solve this problem:
- http://typo3.org/extensions/repository/view/aba_bruteforceblocker
- http://typo3.org/extensions/repository/view/sysfire_failban
But I would prefer to add the needed features directly to the core and not to delegate such security issues to extension authors. My experience is that many extension authors stop development of their extensions after some years, so an admin has to replace the solution in many installations every few years.
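To make the two options proposed in the post concrete, here is an added example of the block logic in Python. It is my own sketch, not TYPO3 core code and not code from either extension linked above: a per-IP sliding window (block an IP after x failures in y seconds for z seconds) combined with a global lockout (block the whole backend after n failures from any IPs in a window). The thresholds, the IP addresses, the timestamps and the password `s3cret-pw` are all constructed for the demonstration.

```python
from collections import defaultdict, deque
import hmac


class LoginThrottle:
    """Per-IP block plus global lockout for failed backend logins.

    Hypothetical sketch of the two options proposed in the post:
      * block one IP after ip_attempts failures within ip_window seconds,
        for ip_block seconds;
      * block the whole backend after global_attempts failures from any
        IPs within global_window seconds, for global_block seconds.
    Time is passed in explicitly so the behaviour is deterministic.
    """

    def __init__(self, ip_attempts, ip_window, ip_block,
                 global_attempts, global_window, global_block):
        self.ip_attempts, self.ip_window, self.ip_block = ip_attempts, ip_window, ip_block
        self.global_attempts, self.global_window, self.global_block = (
            global_attempts, global_window, global_block)
        self._ip_hits = defaultdict(deque)   # ip -> timestamps of failures
        self._all_hits = deque()             # timestamps of failures, any IP
        self._ip_blocked_until = {}
        self._global_blocked_until = 0.0

    @staticmethod
    def _prune(hits, cutoff):
        # Drop timestamps that fell out of the sliding window.
        while hits and hits[0] < cutoff:
            hits.popleft()

    def is_blocked(self, ip, now):
        """Return 'global', 'ip' or None. Checked before any password work."""
        if now < self._global_blocked_until:
            return "global"
        if now < self._ip_blocked_until.get(ip, 0.0):
            return "ip"
        return None

    def record_failure(self, ip, now):
        hits = self._ip_hits[ip]
        hits.append(now)
        self._prune(hits, now - self.ip_window)
        if len(hits) >= self.ip_attempts:
            self._ip_blocked_until[ip] = now + self.ip_block
            hits.clear()
        self._all_hits.append(now)
        self._prune(self._all_hits, now - self.global_window)
        if len(self._all_hits) >= self.global_attempts:
            self._global_blocked_until = now + self.global_block
            self._all_hits.clear()

    def record_success(self, ip):
        self._ip_hits.pop(ip, None)


def simulate(throttle, attempts, check_password):
    """Run (ip, time, password) attempts; return one outcome string per attempt."""
    results = []
    for ip, now, password in attempts:
        reason = throttle.is_blocked(ip, now)
        if reason:
            results.append(f"blocked:{reason}")   # no failure recorded
            continue
        if check_password(password):
            throttle.record_success(ip)
            results.append("ok")
        else:
            throttle.record_failure(ip, now)
            results.append("fail")
    return results


# Constructed sample: one noisy IP, then ten IPs with one try each.
SAMPLE_ATTEMPTS = [
    ("10.0.0.5", 0.0, "letmein"),
    ("10.0.0.5", 1.0, "admin123"),
    ("10.0.0.5", 2.0, "password"),   # 3rd failure in 60 s -> IP blocked 600 s
    ("10.0.0.5", 3.0, "s3cret-pw"),  # correct password, but IP is blocked
    ("10.0.0.5", 700.0, "qwerty"),   # block expired, counted as a fresh failure
] + [(f"10.0.1.{i}", 1000.0 + i, "hunter2") for i in range(1, 11)] + [
    ("192.0.2.9", 1011.0, "s3cret-pw"),  # correct, but global lockout active
    ("192.0.2.9", 1400.0, "s3cret-pw"),  # lockout expired -> login succeeds
]


def check_password(candidate, secret="s3cret-pw"):
    # Constant-time comparison; the secret is a stand-in for a real hash check.
    return hmac.compare_digest(candidate.encode(), secret.encode())


def run_sample():
    throttle = LoginThrottle(ip_attempts=3, ip_window=60, ip_block=600,
                             global_attempts=10, global_window=60, global_block=300)
    return simulate(throttle, SAMPLE_ATTEMPTS, check_password)


if __name__ == "__main__":
    for attempt, outcome in zip(SAMPLE_ATTEMPTS, run_sample()):
        print(attempt[0], attempt[1], outcome)
```

Two details matter in practice. Blocked requests are not recorded as failures, so an attacker cannot extend a lock indefinitely just by hammering the login URL, and the global lockout is deliberately a blunt instrument: it stops a distributed attack that never trips the per-IP counter, but it also locks out legitimate editors, which is the trade-off the post asks about. Behind a reverse proxy the client address must be taken from a trusted forwarding header, otherwise every attacker shares the proxy's IP.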