Select Page

A patch to protect Mambo administrator login page

A Patch to protect Mambo administrator login page against brute force password attack!

How it is working?

  1. It is a component com_hashcash containing alls script to create a MD5 key in PHP and javascript, and verifying a challenge.
  2. The server is sending inside a hidden field a MD5 value which is directly linked to the server, user sessionid, time.
  3. The client will have to encrypt with a MD5 javascript (costly cpu operation for a spammer) the value of this hidden field and send it back to the server as hidden field name.
  4. If the test is not succesful, the spammer will get banned for 60seconds.
  5. All successful/unsucessful submit are logged in a file.
  6. When the file get bigger as 64kb, an email is sent to the admin.

Installation:
This component has no administration panel! Simply overwrite the file on Your server with the content of the zip. A component package install is on the way.

Original Mambo file affected for the login page:

  • /administrator/index.php <- add verification of the challenge
  • administrator\templates\mambo_admin\login.php <- insert hidden fields, and reference to MD5 javascript
  • administrator\templates\mambo_admin_blue\login.php <- insert hidden fields, and reference to MD5 javascript

 Future?

  • Many cryptographic algorithm, SHA1 on the way,
  • A mambots for changing on the fly all FORM before submit,
  • Ako_comment has been already patched, and  tested -> Waiting OK from Arthur Konze for releasing.
  • Ako_guestbok must be changed

link in download section…

About The Author

I worked with various Insurances companies across Switzerland on online applications handling billion premium volumes. I love to continuously spark my creativity in many different and challenging open-source projects fueled by my great passion for innovation and blockchain technology.In my technical role as a senior software engineer and Blockchain consultant, I help to define and implement innovative solutions in the scope of both blockchain and traditional products, solutions, and services. I can support the full spectrum of software development activities, starting from analyzing ideas and business cases and up to the production deployment of the solutions.I'm the Founder and CEO of Disruptr GmbH.

Categories