Brute Force attack on the Staff login page

Hi guys, loving the software so far but just have a question.

I had just made my ticket system live on forums and within half an hour I had someone try to brute force my staff/client login page (they were not successful, and when I asked him about it he told me he was "testing" it; he was a former admin of the forums). He was able to do about 418 attempts in 2 minutes. Is there any way I can stop such things in the future?

I have the maximum amount of attempts set to 2 and a 10 minute wait, but it seemed to do nothing.

Pic below

image

Comments

  • you can ban the ip
  • ozkr;26622 said:
    you can ban the ip
    Which was the first thing I did in my webserver, but that does not help if people do it via proxies or have a dynamic IP.
  • edited November 2014
    Anything ever come of this? I'm having the same problem on 1.9.4. I've got excessive logins set to 3 failed attempts and a 10 min lockout, but like the OP mentions here, that doesn't seem to be doing anything? I'm getting 100+ login attempts from the same user within a few minutes.

    Of course, I'm banning the IPs as I see them; however, they just keep changing IPs.
  • Even though the thread is really old, it does not sound good that your installation of the latest osTicket 1.9.4 is still affected by that (security) issue, if it's really an issue. But please do me a favor: I will close this discussion here, since there was not really a solution and it's over 2 years old, but please open a new discussion regarding the issue with the details about your osTicket installation, so we can try to figure out if there is a security hole or a bug/issue with the function or your osTicket / webserver setup.

    I will add the link to the new discussion here, when you've opened it.
This discussion has been closed.
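An added example, not part of the original thread and not osTicket's own code: it replays a constructed burst shaped like the one reported above (418 failed attempts in 2 minutes, source IP changing each time) through a lockout counter keyed on the target account, using the 3 attempts / 10 minute values quoted in the thread. The class and function names, the event tuple layout and the counting window are assumptions made for illustration.

```python
from collections import Counter, defaultdict, deque

MAX_FAILURES = 3    # "3 failed attempts" setting quoted in the thread
LOCKOUT_SECS = 600  # "10 min lockout" setting quoted in the thread
WINDOW_SECS = 600   # assumption: failures are counted over the same 10 minutes


class AccountThrottle:
    """Failed-login lockout keyed on the target account, not the source IP."""

    def __init__(self):
        self.failures = defaultdict(deque)  # username -> recent failure timestamps
        self.locked_until = {}              # username -> second the lock expires

    def is_locked(self, user, now):
        return self.locked_until.get(user, 0) > now

    def record_failure(self, user, now):
        recent = self.failures[user]
        recent.append(now)
        while recent and recent[0] <= now - WINDOW_SECS:
            recent.popleft()                # forget failures outside the window
        if len(recent) >= MAX_FAILURES:
            self.locked_until[user] = now + LOCKOUT_SECS
            recent.clear()


def replay(events):
    """Return (password_checks_performed, attempts_refused_while_locked)."""
    throttle = AccountThrottle()
    checked = refused = 0
    for ts, _ip, user in events:            # every event is a failed attempt
        if throttle.is_locked(user, ts):
            refused += 1                    # refused before any password comparison
            continue
        checked += 1
        throttle.record_failure(user, ts)
    return checked, refused


def max_per_ip(events):
    """Highest number of attempts seen from any single source IP."""
    return Counter(ip for _ts, ip, _user in events).most_common(1)[0][1]


# Constructed sample: 418 failures in 120 s against one account, rotating IPs
# (addresses are from the 198.51.100.0/24 documentation range).
EVENTS = [(i * 120 // 418, f"198.51.100.{i % 250 + 1}", "admin") for i in range(418)]

if __name__ == "__main__":
    print("max attempts from one IP:", max_per_ip(EVENTS))
    print("checked, refused:", replay(EVENTS))
```

No single address reaches three attempts, so a per-IP counter or ban list never fires, while the per-account counter stops password checks after the third failure. The trade-off is that anyone who knows a staff username can keep that account locked, so the lockout events themselves need to be logged and alerted on.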