We build. You grow.

Get best community software here

Start a social network, a fan-site, an education project with oxwall - free opensource community software

vulnerable to brut force attack | Forum

Topic location: Forum home » Support » General Questions
Marcus
Marcus Jun 27
hi folks login portion is vulnerable to brut force attack since it doesnt block u after x amount of failed attempts. 
dave Team
dave Jun 27
There is a plugin that does this..  actually there are a few
Marcus
Marcus Jun 27
thanks brother why would they leave a gap in security. also admin portion of the site should only be acced by authorized users only else 404 as this is the area id attack first lol. 
dave Team
dave Jun 27

admin area does check for $isAdmin i believe is the name, if you are not admin the link and icon for admin wont show on the page dropdown


To answer your question, yes it does need to be updated but most DDoS attacks are handled server side by the host in most cases. But yes the login needs to be updated.

The Forum post is edited by dave Jun 27
Marcus
Marcus Jun 27
appreciate it dave. 
Chris_W
Chris_W Jun 27
I think the free Antibruteforce plugin has been removed from the store. I have a copy if anyone needs it.
Marcus
Marcus Jun 27
pls send me one
Chris_W
Chris_W Jun 27

Quote from Marcus pls send me one
Done :^)
Marcus
Marcus Jun 27
thanks Chris 
Patrick Reed
Patrick Reed Aug 15

Quote from Chris_W I think the free Antibruteforce plugin has been removed from the store. I have a copy if anyone needs it.
I would like to have a copy if possible please. Thank you.
Glor
Glor Aug 15
Hi Chris and Marcus, Kindly send me one. I need one badly.
Sumate-RelajoSoft

You can download it from here.



Zip file attachment removed by moderator.

The Forum post is edited by dave Aug 16
dave Team
dave Aug 16

Please understand that any paid plugin that is shared in this fashion is not supported at all from oxwall or the oxwall store. 


I have removed the plugin attachment  in the previous post.


We prohibit sharing of such plugins in this way because it bypasses the reason why it was taken down in the first place, it can also be very dangerous and finally it violates license rules. Paid plugins regardless of status (active, removed, suspended) must still hold true to the develoers rights to the code and to the license. 


We just went through something similar with someone else using a paid plugin that did not purchase it, and that developer was upset and they had a right to be upset.  The same rule applies to everyone, dont be sharing paid plugins regardless of status.  


What you all do in your private communications is your business but do not share paid plugins on oxwall platform in this way.


That means that you are on your own, if it breaks, if it messes up your website, if it crashes your DB.  Do not ask us to fix the plugin or the damage it does to your website, here on the public forum. 

The Forum post is edited by dave Aug 16
Patricia Zorrilla Leader

I think the users don't value enough the damage they do 

sharing software illegally.

Then they complain that the developers are leaving, that there are no new plugins, that they disappear from the store and so on.

It's outrageous, and also publicly without any shame.


First, recommending plugins that no longer exist

Second, send the copyrighted code to anyone who needs it.

Then comes the step:

- "asks me for my license number"

And the answer:

- "you have to change this and that in these files"


And then the moderator appears, deletes the file and says that publicly no but privately it's okay.


Even SkaDate does it (see https://developers.oxwall.com/forum/topic/67140 )


I don't get it. This way, we won't move forward.

dave Team
dave Aug 16

I did not intend to indicate that it was ever ok.  My point was that i only have control over oxwall environment, i do not have control over their personal communication so i cannot control that.   I guess i should have just said flat out.... never share paid plugins in any environment...