Hey guys,
Some laws here requires e-shops to have this feature for the accounts which has the access to personal customer infos. Can anyone tell me if it's possible to protect admin login page with something like a ban after 5 times wrong password was inputed ?
Have a look at this post - it has a mod in it for restricting logins:
http://forum.opencart.com/viewtopic.php ... 6&p=395655
EDIT:
Just noticed you wanted it to restrict admin, not customer. But you could probably adapt the mod for it anyway, if you know php.
http://forum.opencart.com/viewtopic.php ... 6&p=395655
EDIT:
Just noticed you wanted it to restrict admin, not customer. But you could probably adapt the mod for it anyway, if you know php.
I will have a look around, we have a lock on the admin password, you can choose how many attempts before it locks it out, when I find it I will post the link.
Running OC 1.5.5.1 with vqmods.
http://www.aislings.co.uk
http://www.lovers-paradise-toys.co.uk
I can't find it in the extensions anywhere and it doesn't show on my purchased downloads so I assume it was freely available.
I have uploaded a copy of the VQmod file, this one is set to lock out after 3 incorrect attempts but can be edited on about line 33 just change the 3 to however many attempts you need.
This is on our site which is 1.5.5.1 so don't know if it will work on earlier or later versions.
I have uploaded a copy of the VQmod file, this one is set to lock out after 3 incorrect attempts but can be edited on about line 33
Code: Select all
if($_SESSION['limit']!=3)This is on our site which is 1.5.5.1 so don't know if it will work on earlier or later versions.
Running OC 1.5.5.1 with vqmods.
http://www.aislings.co.uk
http://www.lovers-paradise-toys.co.uk
Honestly ive been thinking this is a necessary kinda thing for OC...could prob bend it into the default OC IP ban system. I havent had time to mess with it. Didnt realize it was a legal thing though.
What we use: (sorry if its not accessable to your install situation)
If you have a VPS, or a host willing to work with you on this, you can use logs and fail2ban/BFD at server side. If they fail enough in short enough period, it sends them to a server level firewall ban set for an amount of time and/or blacklist permanent if they're caught as a non-anon proxy. This locks them out of the entire realm so they cant just prance around from platform to platform to ftp trying to get in.
We have a snippet that will proxy sniff + log html + sys trigger fail2ban but its beta -- email me dhaupin@creadev.org if you wanna try it for your VPS. There is also a simple trigger mod in the extension store for fail2ban, but not sure if he updated it to use transparent syslog though
What we use: (sorry if its not accessable to your install situation)
If you have a VPS, or a host willing to work with you on this, you can use logs and fail2ban/BFD at server side. If they fail enough in short enough period, it sends them to a server level firewall ban set for an amount of time and/or blacklist permanent if they're caught as a non-anon proxy. This locks them out of the entire realm so they cant just prance around from platform to platform to ftp trying to get in.
We have a snippet that will proxy sniff + log html + sys trigger fail2ban but its beta -- email me dhaupin@creadev.org if you wanna try it for your VPS. There is also a simple trigger mod in the extension store for fail2ban, but not sure if he updated it to use transparent syslog though
https://creadev.org | support@creadev.org - Opencart Extensions, Integrations, & Development. Made in the USA.
Who is online
Users browsing this forum: No registered users and 38 guests
