Post by Propkius » Fri Aug 08, 2014 9:39 pm

Hey guys,

Some laws here require e-shops to have this feature for the accounts which have access to personal customer info. Can anyone tell me if it's possible to protect the admin login page with something like a ban after a wrong password was input 5 times?

Post by granddaddy » Fri Aug 08, 2014 10:21 pm

Have a look at this post - it has a mod in it for restricting logins:
http://forum.opencart.com/viewtopic.php ... 6&p=395655

EDIT:
Just noticed you wanted it to restrict admin, not customer. But you could probably adapt the mod for it anyway, if you know PHP.

Post by Propkius » Sat Aug 09, 2014 12:05 am

Thanks, but unfortunately I don't know PHP, so no clue how to adapt that code.

Post by sytra » Sat Aug 09, 2014 2:19 am

I will have a look around. We have a lock on the admin password; you can choose how many attempts before it locks it out. When I find it I will post the link.

Running OC 1.5.5.1 with vqmods.
http://www.aislings.co.uk
http://www.lovers-paradise-toys.co.uk


Post by sytra » Sat Aug 09, 2014 2:36 am

I can't find it in the extensions anywhere and it doesn't show on my purchased downloads so I assume it was freely available.

I have uploaded a copy of the VQmod file. This one is set to lock out after 3 incorrect attempts but can be edited on about line 33:

if($_SESSION['limit']!=3)

Just change the 3 to however many attempts you need.

This is on our site which is 1.5.5.1 so don't know if it will work on earlier or later versions.

Post by rph » Sat Aug 09, 2014 3:57 am

You'll probably want to use the IP alongside the session as sessions on their own are trivial to reset.

-Ryan
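
The point made in the reply above, as an added example that is not part of the thread, not OpenCart code and not the posted VQmod: a failure counter kept server-side and keyed on IP and username, so it survives a discarded session. The table name, function names, the 15-minute window and the sample address are assumptions for illustration.

```php
<?php
// Added example: not OpenCart code and not the VQmod from this thread.
// Failures are stored server-side per IP and per username, so a client that
// discards its session cookie does not reset the counter.
const MAX_FAILS   = 5;    // limit asked about in the first post
const WINDOW_SECS = 900;  // assumption: failures expire after 15 minutes

function throttle_store(): PDO {
    $db = new PDO('sqlite::memory:');  // demo only; use a persistent database
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE login_fail (ip TEXT, username TEXT, ts INTEGER)');
    return $db;
}

function recent_fails(PDO $db, string $column, string $value, int $now): int {
    // $column is only ever the literal 'ip' or 'username' from is_locked().
    $q = $db->prepare("SELECT COUNT(*) FROM login_fail WHERE $column = ? AND ts > ?");
    $q->execute([$value, $now - WINDOW_SECS]);
    return (int) $q->fetchColumn();
}

function is_locked(PDO $db, string $ip, string $user, int $now): bool {
    return recent_fails($db, 'ip', $ip, $now) >= MAX_FAILS
        || recent_fails($db, 'username', $user, $now) >= MAX_FAILS;
}

function attempt_login(PDO $db, string $ip, string $user, bool $passwordOk, int $now): string {
    $user = strtolower($user);
    if (is_locked($db, $ip, $user, $now)) {
        return 'locked';  // refuse before the password is even considered
    }
    if ($passwordOk) {
        $db->prepare('DELETE FROM login_fail WHERE username = ?')->execute([$user]);
        return 'ok';
    }
    $db->prepare('INSERT INTO login_fail (ip, username, ts) VALUES (?, ?, ?)')
       ->execute([$ip, $user, $now]);
    return 'failed';
}

// Constructed demo: every call stands for a request with a brand-new session.
$db = throttle_store();
$t  = 1000000;  // constructed timestamp
for ($i = 1; $i <= 6; $i++) {
    echo "attempt $i: ", attempt_login($db, '203.0.113.7', 'admin', false, $t + $i), "\n";
}
echo 'right password, still in window: ', attempt_login($db, '203.0.113.7', 'admin', true, $t + 7), "\n";
echo 'right password, window elapsed:  ',
    attempt_login($db, '203.0.113.7', 'admin', true, $t + 7 + WINDOW_SECS), "\n";
```

Behind a reverse proxy the address PHP sees is the proxy's, so the per-IP count needs the client address from a header that only the trusted proxy can set. The per-username lock also lets anyone who knows the admin name lock that account for the window, which is why the failures expire instead of locking permanently.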


Post by Dhaupin » Sat Aug 09, 2014 8:16 am

Honestly I've been thinking this is a necessary kinda thing for OC...could prob bend it into the default OC IP ban system. I haven't had time to mess with it. Didn't realize it was a legal thing though.

What we use: (sorry if it's not accessible to your install situation)
If you have a VPS, or a host willing to work with you on this, you can use logs and fail2ban/BFD at server side. If they fail enough in a short enough period, it sends them to a server level firewall ban set for an amount of time and/or blacklist permanent if they're caught as a non-anon proxy. This locks them out of the entire realm so they can't just prance around from platform to platform to ftp trying to get in.

We have a snippet that will proxy sniff + log html + sys trigger fail2ban but it's beta -- email me dhaupin@creadev.org if you wanna try it for your VPS. There is also a simple trigger mod in the extension store for fail2ban, but not sure if he updated it to use transparent syslog though.

https://creadev.org | support@creadev.org - Opencart Extensions, Integrations, & Development. Made in the USA.

