This repository has been archived by the owner on Jul 21, 2020. It is now read-only.
Track ‘failed logins this hour’ and demand a captcha after, say, 5 failed logins
(RECAPTCHA plugin), in which case we’d better recommend “De-proxy-ficating IP address”: http://wiki.codemongers.com/NginxHttpRealIpModule
Make cookie spoofing a little harder: we set the user’s cookie to
(remember_token), but store digest(remember_token, request_IP). A CSRF cookie
spoofer then has to at least also spoof the user’s originating IP
(see Secure Programs HOWTO).
Log HTTP request on authentication / authorization failures (see here).
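
The cookie/IP binding described above, as an added example that is not code from this repository. The `RememberStore` class, its in-memory hash, and the choice of HMAC-SHA256 keyed by the token as the digest are assumptions of the example; the sample IPs are constructed.

```ruby
require "openssl"
require "securerandom"

# Hypothetical stand-in for the users table: user_id => stored digest.
class RememberStore
  def initialize
    @digests = {}
  end

  # Digest over token and IP. HMAC-SHA256 keyed by the token is this
  # example's choice; the page only says digest(remember_token, request_IP).
  def self.bind(token, ip)
    OpenSSL::HMAC.hexdigest("SHA256", token, ip)
  end

  # The cookie receives the raw token; the server keeps only the digest.
  # ip must be the real client address, not the reverse proxy's.
  def issue(user_id, ip)
    token = SecureRandom.hex(32)
    @digests[user_id] = self.class.bind(token, ip)
    token
  end

  # Recompute the digest from the presented cookie and the request IP.
  def valid?(user_id, cookie_token, ip)
    stored = @digests[user_id]
    return false if stored.nil? || cookie_token.to_s.empty?
    secure_compare(stored, self.class.bind(cookie_token.to_s, ip))
  end

  private

  # Constant-time comparison so the check does not leak a matching prefix.
  def secure_compare(a, b)
    return false unless a.bytesize == b.bytesize
    diff = 0
    a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
    diff.zero?
  end
end

# Constructed sample values (documentation address ranges).
store = RememberStore.new
cookie = store.issue(42, "203.0.113.7")
puts store.valid?(42, cookie, "203.0.113.7")   # same IP
puts store.valid?(42, cookie, "198.51.100.9")  # cookie replayed from another IP
```

A user whose address legitimately changes (mobile network, new DHCP lease) fails the check as well and has to log in again.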