Hey,
I am trying to find out more about brute-force.ini.
I understand the reason for this file. But I am missing some information about the file:
Do I understand it right?
Example:
brute-force-bad-attempts-count = 1158
brute-force-diff-time-to-attempt = 69480
brute-force-attempts-count = 3
brute-force-last-bad-time = 1513255628
After 1158 tries the /downloader login gets blocked for 69480 seconds.
After that, an attacker can try these 1158 attempts two more times.
This means after a total of 3474 tries the /downloader login gets blocked permanently and the last line is being added to the brute-force.ini?
Or is just the timestamp added?
Can I say that a brute-force attack was unsuccessful when the /download login is blocked permanently and there is a timestamp in the last line of the brute-force.ini?
If I want to unblock the /downloader login do I simply erase the timestamp? Or the whole last line?
thanks and greetings
xx is how many times you try the password before the 1st block.
After yy time, you can try the password again.
When you have done this wrong zz times, you are permanently blocked out.
Timestamp is the time it uses between each time to check
Hi @hanuman42,
Magento creates brute-force.ini when login attempts to the downloader fail. This feature is available from Magento 1.9.3.
@ptomter explained the xx, yy, zz parameters well.
brute-force-bad-attempts-count = 10
brute-force-diff-time-to-attempt = 230
brute-force-attempts-count = 3
If the access is blocked after the mentioned attempts, reset the brute-force-bad-attempts-count to 0 and you should be able to log in again. But still, it is recommended to remove or rename the downloader folder to avoid the attack itself.
--------
Give Kudos if it helped or Accept it as solution
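An added example, not part of the thread and not Magento's own code: a small Python helper that reads the contents of a brute-force.ini, shows when the last failed login was recorded, and performs the reset suggested in the last reply. It assumes the file holds plain `key = value` lines as quoted in the question and that brute-force-last-bad-time is a Unix epoch value in seconds; the function names are hypothetical.

```python
import re
from datetime import datetime, timezone

# Constructed sample: the four values quoted in the question above.
SAMPLE = """\
brute-force-bad-attempts-count = 1158
brute-force-diff-time-to-attempt = 69480
brute-force-attempts-count = 3
brute-force-last-bad-time = 1513255628
"""

# One "brute-force-<name> = <integer>" setting per line (assumed layout).
LINE = re.compile(r"^\s*(brute-force-[a-z-]+)\s*=\s*(\d+)\s*$")


def parse(text):
    """Return {key: int} for every brute-force-* line; other lines are ignored."""
    values = {}
    for line in text.splitlines():
        match = LINE.match(line)
        if match:
            values[match.group(1)] = int(match.group(2))
    return values


def last_bad_time_utc(values):
    """Decode brute-force-last-bad-time (assumed epoch seconds) to ISO 8601 UTC."""
    ts = values.get("brute-force-last-bad-time")
    if ts is None:
        return None
    return datetime.fromtimestamp(ts, tz=timezone.utc).isoformat()


def reset_bad_attempts(text):
    """Set brute-force-bad-attempts-count to 0 and leave every other line as it was."""
    pattern = r"(?m)^(\s*brute-force-bad-attempts-count\s*=\s*)\d+"
    return re.sub(pattern, r"\g<1>0", text)


if __name__ == "__main__":
    values = parse(SAMPLE)
    print("settings:", values)
    print("last failed login recorded at:", last_bad_time_utc(values))
    print(reset_bad_attempts(SAMPLE), end="")
```

Keep a copy of the original file before writing the reset version back, since the counter and timestamp are the only record of the failed logins.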