So, I became a premium member JUST so i could get the anti-spam plugin. But, now that I have it, I dont think it does what I need. I'll post my issue here, and if its a configuration issue, thats great.
We run a number of very popular sites, and ALWAYS have people trying to hack us. We're locked down pretty good, but they are now trying to just brute-force passwords from the front-end. This is why I wanted CB Anti-spam.
The issue: They dont use the same IP every time they try a password. For example, here's a few log entries:
As you can see, the user "NapeImmumedge" tried to login 4 times in 3 minutes, from different ip addresses.
I need the same "login" check, but actually ban the account name, not just an IP. These guys are apparently using a huge bank of ips for their brute forcing.
Ensure you've latest release of CB AntiSpam, now navigate to CB AntiSpam > Config > Captcha > Legacy and enable captcha for login. This should eliminate all their automation and stop them from making successful or failed login attempts (will end before it even tries to validate so they'll never get a success response).
The problem with what you're wanting is they're brute forcing accounts. This means they're using legitimate usernames in most cases that the actual user is completely and utterly unaware of. So if you blocked based off this fact you'll lockout a user, that is unaware of this brute force, unjustly and will quickly find your userbase is gone due to not being able to login anymore; so the usage just isn't reliable.
Even if you do block them. It doesn't stop them. They just will never get a successful response so their brute force login attempts will always fail (captcha will stop those from being successful in the event they do guess the correct password). At that point you're being hit with a DoS attack and should contact your host as there's nothing CB AntiSpam can do to help with this. DoS attacks need to be stopped before they reach the server your site is on or the resources are lost regardless.
Another option is to just let CB AntiSpam do its thing. They will eventually exhaust their list of IP Addresses and loop through and begin blocking themselves. Based off the number after the Date this is exactly what's happening as the number after the Date is the number of times they've attempted with that IP Address; so is working fine in that regard. Please keep in mind the auto-blocking features are off by default. Ensure you've went to CB AntiSpam > Config > Auto Block and enabled it.
Kyle (Krileon) Community Builder Team Member Before posting on forums:
Read FAQ thoroughly
+
Read our Documentation
+
Search the forums CB links:
Documentation
-
Localization
-
CB Quickstart
-
CB Paid Subscriptions
-
Add-Ons
-
Forge
-- If you are a Professional, Developer, or CB Paid Subscriptions subscriber and have a support issue please always post in your respective support forums for best results!
-- If I've missed your support post with a delay of 3 days or greater and are a Professional, Developer, or CBSubs subscriber please
send me a private message
with your thread and will reply when possible!
-- Please note I am available Monday - Friday from 8:00 AM CST to 4:00 PM CST. I am away on weekends (Saturday and Sunday) and if I've missed your post on or before a weekend after business hours please wait for the next following business day (Monday) and will get to your issue as soon as possible, thank you.
-- My role here is to provide guidance and assistance. I cannot provide custom code for each custom requirement. Please do not inquire me about custom development.
krileon
