A patch to protect Mambo administrator login page
A Patch to protect Mambo administrator login page against brute force password attack!
How it is working?
- The server is sending inside a hidden field a MD5 value which is directly linked to the server, user sessionid, time.
- If the test is not succesful, the spammer will get banned for 60seconds.
- All successful/unsucessful submit are logged in a file.
- When the file get bigger as 64kb, an email is sent to the admin.
This component has no administration panel! Simply overwrite the file on Your server with the content of the zip. A component package install is on the way.
Original Mambo file affected for the login page:
- /administrator/index.php <- add verification of the challenge
- Many cryptographic algorithm, SHA1 on the way,
- A mambots for changing on the fly all FORM before submit,
- Ako_comment has been already patched, and tested -> Waiting OK from Arthur Konze for releasing.
- Ako_guestbok must be changed