Improved security in the login

We encourage users to post events happening in the community to the community events group on https://www.drupal.org.
ilo's picture

Honestly I'm the one hating cross posts, but I know it will be lost in the drupal's forum torrent of help request posts, so I decided to introduce again in a more suitable place, this community group. Sorry for the inconvenience! :D

I've developed a little module (5.X version of drupal ONLY) to control and disrupt the login operation on certain situations, improving the site security with new options.

You can find the module here:

http://www.drupal.org/project/login_security

I've included the readme.txt of the module in the post for so you can read it withouth downloading.


Login Security

This module was developed to improve the security options in the login operation
of a drupal site. By default, drupal has only basic access control deniying IP
access to the full content of the site.

With Login security a site administrator may add two types of access control to
the login forms (default user login and login block). These are the features included:

Soft Protections:

  • Request Time delay: On any failed login, a time delay in included to the submit
    request, hardenning any bruteforce attack to the login form.
  • Block login forms or requests, when the protection flag is enabled the form is
    never submited, and any request even with a valid form token ID will be dropped,
    but the host still can access the site.

Hard Protections:

  • Block account: on a number of failed attempts, the account can be blocked.
  • Block IP: on a number of failed attempts, a host may be added to the access
    control list.

Community

Group organizers

Group categories

Community Group Freetags

Group notifications

This group offers an RSS feed. Or subscribe to these personalized, sitewide feeds: