A patch to protect the Mambo administrator login page against brute-force password attacks!

How does it work?

  1. It is a component, com_hashcash, containing all the scripts needed to create an MD5 key in PHP and JavaScript and to verify a challenge.
  2. The server sends, inside a hidden field, an MD5 value that is directly linked to the server, the user's session ID, and the time.
  3. The client has to hash the value of this hidden field with a JavaScript MD5 implementation (a costly CPU operation for a spammer) and send the result back to the server as a hidden field name.
  4. If the test is not successful, the spammer is banned for 60 seconds.
  5. All successful and unsuccessful submits are logged in a file.
  6. When the file grows larger than 64 KB, an email is sent to the admin.
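
The exchange in steps 2 to 6, simulated end to end as an added example (this is not the com_hashcash code). It runs both sides in Node.js, whereas the component's server side is PHP; the function names, the in-memory stores, keying the ban on the client IP, and the 5-minute challenge lifetime are assumptions.

```javascript
// Added illustration, not com_hashcash source. Names, in-memory stores, the
// IP-keyed ban and the 5-minute challenge lifetime are assumptions; the 60 s
// ban and the 64 KB log threshold come from the steps above.
const crypto = require("crypto");
const md5 = (s) => crypto.createHash("md5").update(s).digest("hex");

const SERVER_SECRET = "constructed-demo-secret"; // assumption: per-site secret
const BAN_MS = 60 * 1000;
const LOG_ALERT_BYTES = 64 * 1024;
const CHALLENGE_TTL_MS = 5 * 60 * 1000;
const issued = new Map();      // sessionId -> { value, issuedAt }
const bannedUntil = new Map(); // clientIp -> timestamp in ms
const log = [];                // stands in for the log file

// Step 2: value tied to server, session id and time, sent in a hidden field.
function issueChallenge(sessionId, now) {
  const value = md5(`${SERVER_SECRET}|${sessionId}|${now}`);
  issued.set(sessionId, { value, issuedAt: now });
  return value;
}

// Step 3 (browser side): hash the hidden value; the result is used as a field name.
function solveChallenge(value) {
  return md5(value);
}

// Steps 4-6: verify, ban on failure, log every submit, flag an oversized log.
function verifySubmit(sessionId, clientIp, formFields, now) {
  let result = "ok";
  const ch = issued.get(sessionId);
  if ((bannedUntil.get(clientIp) || 0) > now) {
    result = "banned";
  } else if (!ch || now - ch.issuedAt > CHALLENGE_TTL_MS ||
             !Object.prototype.hasOwnProperty.call(formFields, md5(ch.value))) {
    result = "failed";
    bannedUntil.set(clientIp, now + BAN_MS);
  }
  issued.delete(sessionId); // single use: an old answer cannot be replayed
  log.push(`${new Date(now).toISOString()} ${clientIp} ${sessionId} ${result}`);
  const logBytes = log.reduce((n, line) => n + Buffer.byteLength(line) + 1, 0);
  return { result, alertAdmin: logBytes > LOG_ALERT_BYTES };
}
```

One MD5 is cheap to compute, so the protection here rests on the client having to run the script and on the 60-second ban limiting retries.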

Installation:
This component has no administration panel! Simply overwrite the files on your server with the content of the zip. A component package install is on the way.

Original Mambo files affected for the login page:

  • /administrator/index.php <- add verification of the challenge
  • administrator\templates\mambo_admin\login.php <- insert hidden fields, and reference to MD5 javascript
  • administrator\templates\mambo_admin_blue\login.php <- insert hidden fields, and reference to MD5 javascript

Future?
  • Many cryptographic algorithms, SHA1 is on the way,
  • A mambot that changes all forms on the fly before submit,
  • Ako_comment has already been patched and tested -> waiting for the OK from Arthur Konze before releasing.
  • Ako_guestbook must be changed

Link in the download section...
