
Lack of interest Block IP's if they try to access more than X multiple accounts

Chris D

XenForo developer
Staff member
#2
We actually already do this.

We count the number of login attempts in the last 5 minutes for the username/email and IP address. If this exceeds 3 then they are shown a captcha or blocked (depending on your Admin CP option).

We also check the number of attempts in the last 30 minutes for the username/email and IP address. If that exceeds 6 attempts, again, captcha or block.

Further on from that, we also check the number of attempts in the last 5 minutes for the IP address only. If that exceeds 7 attempts then captcha or block again.

Finally, we also check the number of attempts in the last 30 minutes for the IP address only. If that exceeds 15 attempts, then captcha or block.
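
The four checks described in the post above, as an added sketch that is not XenForo's code and not part of the original post: the class, its method names, the in-memory storage and the case-insensitive username match are assumptions, and `distinct_accounts` is the per-IP count of different accounts this thread asks about, not something the post says XenForo does.

```python
from collections import deque

# (window in seconds, limit, count per username?) taken from the post above
RULES = [
    (5 * 60, 3, True),     # username/email + IP, last 5 minutes
    (30 * 60, 6, True),    # username/email + IP, last 30 minutes
    (5 * 60, 7, False),    # IP only, last 5 minutes
    (30 * 60, 15, False),  # IP only, last 30 minutes
]
MAX_WINDOW = max(window for window, _, _ in RULES)


class LoginThrottle:
    """In-memory store of failed logins (assumed; a forum would use its database)."""

    def __init__(self):
        self.attempts = deque()  # (timestamp, ip, username), oldest first

    def record_failure(self, ts, ip, username):
        # Assumes failures are recorded in time order.
        self.attempts.append((ts, ip, username.lower()))

    def _prune(self, now):
        # Drop attempts older than the longest window so memory stays bounded.
        while self.attempts and self.attempts[0][0] < now - MAX_WINDOW:
            self.attempts.popleft()

    def tripped_rule(self, now, ip, username):
        """Return the first (window, limit, per_user) rule exceeded, else None."""
        self._prune(now)
        username = username.lower()
        for window, limit, per_user in RULES:
            count = sum(
                1 for ts, a_ip, a_user in self.attempts
                if ts >= now - window and a_ip == ip
                and (not per_user or a_user == username)
            )
            if count > limit:  # "exceeds", so strictly greater than
                return (window, limit, per_user)
        return None  # no captcha or block needed for this attempt

    def distinct_accounts(self, now, ip, window=MAX_WINDOW):
        """Number of different usernames this IP has failed against in the window."""
        return len({user for ts, a_ip, user in self.attempts
                    if ts >= now - window and a_ip == ip})
```

A caller would check `tripped_rule` before processing a login and apply the captcha or block chosen in the Admin CP; `distinct_accounts` separates one user mistyping a password from one address cycling through many usernames.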
 

Alfa1

Well-known member
#3
then captcha or block.
Captcha is very useful for suspicious attempts.
Adding an IP to the ban list should be done in situations that are clearly abusive.

So it would be very useful to have settings for both captcha and automatic IP bans.
Currently we can only do one.
 

Brogan

XenForo moderator
Staff member
#4
I disagree with automatic IP bans.

If it is a dynamic/corporate/shared IP address, it shouldn't be banned.
 

Alfa1

Well-known member
#5
If an IP attempts to access 5000 accounts and tries to brute force it, then the only solution is to ban it. The alternative is to get hacked.
 

Mike Edge

Well-known member
#6
I disagree with automatic IP bans.

If it is a dynamic/corporate/shared IP address, it shouldn't be banned.
Could have a white list option along with ban options such as ban for all reasons. Ban for 30 invalid logins but not 30 different account logins, etc.