First, the reason behind this. Sit down around the campfire and grab those Marshmallows because it's Storytime.
A couple of years ago my forum was attacked by a malicious user who set up a bot to begin attempting to gain access to all administrator accounts.
The bot was a constant presence always attempting to login. I had gotten so many Admin Errors in the logs about user failed login attempts on not only my account, but on all of my other Administrators too. The bot wasn't set on my members, it was trying for the admin panel.
It's a constant concern to come to your own website and see a bot there attempting to break in. Regardless of all the bans, it kept coming back due to hiding behind proxy servers. In the end, we had to stop banning it for fear of banning someone legitimate.
I went as far as to file a legal complaint and seek out professional help with proxies and the removal of malicious entities. But it really wasn't any good.
And then we found the answer we were looking for in 2 mods.
The first mod, is called Bad Behavior and is a way to stop forum spam and people from registering from known spam blacklists.
-This wasn't a direct help of course because the bot was set to simply attempt to login to our accounts. It wasn't trying to register for spamming purposes. But it was nice to have.
The real mod that completely stopped this attack was called Login Security.
The mod didn't remove the bot or anything like that, it simply allows users to set up an IP address (or Multiple IPs) from which they authorize. All other login attempts through different IP settings are restricted.
In this case, even if an outside user did manage to get the password of an account, they would also have to be using an authorized IP address to log in.
It's additional security and some may say peace of mind goes a long way. We made a public announcement about the new mods and how users can protect their own accounts using it.
About 2 days after we installed this mod, the bot script was halted and it left the website. I believe it was because one of our users was actually behind it and saw the announcement of the new security we added.
So I'm asking if anyone might possibly be interested in creating an Add-on like this.
Here's the features from the one I used before:
- It will e-mail the user on a failed login attempt and inform them from which IP address that login attempt came.
- After a preset amount of failed attempts (set up by the administrator), the account becomes locked for X amount of minutes or hours.
- Each user has permission to utilize this mod. And the system is either enabled or disabled.
- All users can set up multiple IP addresses by simply putting a comma between each one.
- Users trying to access their account from an un-authorized IP can e-mail themselves a Secure Link which expires in 7 minutes. This Secure Link can be used by the user to log in.
- Users go to their profile to set up their IP protection.
- Allow the implementation of this feature beginning as soon as the registration page. There can be a lock icon with a blank text field. Below the field is a small description of what the field is used for as well as a link to Whatismyip.com or a pop-up they can click to find out their current IP. (Not a required registration field)
- A new field right next to the moderation center that says failed login attempts. Moderators and Admins can view this, see which account was attempted access, and which IP address attempted the access as well as if that IP is associated with another user. Basically allowing mods and admins to see who tried to get into whose account.
- A permission to auto-ban a user that does attempt to access someone else's account.
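To make the feature list concrete, here is an added Python sketch of the server-side logic such an add-on needs. It is not code from the Login Security mod or from any forum platform; the class and method names, the in-memory stores, the salt handling and the `forum.example` link host are all assumptions made for the example. It covers the per-user IP allowlist parsed from a comma-separated profile field, the e-mail notification on every failed attempt, the lockout after a configurable number of failures, the seven-minute single-use secure link, and the failed-attempt audit record that also reports whether the attacking IP is authorized for some other account (the moderation-centre view).

```python
"""Login-security add-on logic (added example, not the forum mod described above).

Assumed, not from the post: the class/method names, the in-memory stores,
the single shared salt (a real forum would store a per-user salt) and the
outbox list standing in for a mailer.
"""
import hashlib
import hmac
import ipaddress
import secrets
import time
from dataclasses import dataclass, field

SECURE_LINK_TTL = 7 * 60   # the 7-minute expiry named in the feature list


@dataclass
class User:
    name: str
    password_hash: bytes
    authorized_ips: set = field(default_factory=set)   # empty set = no IP restriction
    failed_attempts: int = 0
    locked_until: float = 0.0


def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class LoginSecurity:
    def __init__(self, max_failures=5, lockout_seconds=30 * 60):
        self.max_failures = max_failures          # "preset amount of failed attempts"
        self.lockout_seconds = lockout_seconds    # "locked for X amount of minutes or hours"
        self.users = {}
        self.outbox = []    # (recipient, message) pairs a mailer would deliver
        self.audit = []     # failed attempts shown in the moderation centre
        self.links = {}     # token -> (username, expiry)
        self.salt = secrets.token_bytes(16)

    def register(self, name, password, ip_list=""):
        user = User(name, hash_password(password, self.salt))
        self.set_authorized_ips(user, ip_list)
        self.users[name] = user
        return user

    def set_authorized_ips(self, user, ip_list):
        # Profile field: addresses separated by commas; malformed entries raise ValueError
        user.authorized_ips = {
            str(ipaddress.ip_address(p.strip())) for p in ip_list.split(",") if p.strip()
        }

    def ip_owners(self, ip):
        """Accounts that list this IP as authorized (for the mod/admin view)."""
        return {u.name for u in self.users.values() if ip in u.authorized_ips}

    def attempt_login(self, name, password, ip, now=None):
        now = time.time() if now is None else now
        ip = str(ipaddress.ip_address(ip))       # normalise so comparison is exact
        user = self.users.get(name)
        if user is None:
            return "bad_credentials"
        if now < user.locked_until:
            return "locked"
        # IP check comes first: an unauthorized source never learns whether
        # the password it sent was right, it only learns it needs a secure link.
        if user.authorized_ips and ip not in user.authorized_ips:
            self._record_failure(user, ip, now)
            return "ip_not_authorized"
        expected = hash_password(password, self.salt)
        if not hmac.compare_digest(expected, user.password_hash):
            self._record_failure(user, ip, now)
            return "bad_credentials"
        user.failed_attempts = 0
        return "ok"

    def _record_failure(self, user, ip, now):
        user.failed_attempts += 1
        self.audit.append({"user": user.name, "ip": ip, "time": now,
                           "ip_belongs_to": self.ip_owners(ip) - {user.name}})
        self.outbox.append((user.name, f"Failed login attempt on your account from {ip}"))
        if user.failed_attempts >= self.max_failures:
            user.locked_until = now + self.lockout_seconds
            user.failed_attempts = 0

    def issue_secure_link(self, name, now=None):
        """E-mail a one-time login link that expires after SECURE_LINK_TTL seconds."""
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)
        self.links[token] = (name, now + SECURE_LINK_TTL)
        self.outbox.append((name, f"One-time login link: https://forum.example/login?token={token}"))
        return token

    def redeem_secure_link(self, token, now=None):
        now = time.time() if now is None else now
        entry = self.links.pop(token, None)      # pop: the link is single use
        if entry is None:
            return "invalid"
        _name, expiry = entry
        return "ok" if now <= expiry else "expired"
```

Two design points worth noting. The IP allowlist is checked before the password so that a request from an unauthorized address never confirms a guessed password, which is exactly the protection the post credits with stopping the bot. The lockout is per account, so a bot that keeps guessing will also lock the real owner out for the configured period; that is the trade-off the original mod made, and the secure-link path only covers the unauthorized-IP case, not a locked account.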