Joomla BruteForce Update?


Is there any joomla admin login bruteforce security rule?

Not sure if there’s a rule from Comodo for this, but you can use this one:

# Joomla Brute Force Protection

<LocationMatch "/administrator/index.php">
SecAction phase:1,nolog,pass,initcol:ip=%{REMOTE_ADDR},initcol:user=%{REMOTE_ADDR},id:00113
SecRule user:bf_block "[at]gt 0" "deny,status:403,log,id:00114,msg:'IP address blocked for 5 minutes. More than 3 Joomla POST requests within 10 seconds.'"
SecRule REQUEST_METHOD "^POST$" "phase:5,chain,t:none,nolog,pass,setvar:ip.bf_counter=+1,deprecatevar:ip.bf_counter=1/10,id:00115"
SecRule ip:bf_counter "[at]gt 3" "t:none,setvar:user.bf_block=1,expirevar:user.bf_block=300,setvar:ip.bf_counter=0"

Warning: Replace [at] with the at sign above

It counts the number of POST requests to “/administrator/index.php” and if there are more than 3 within 10 seconds, the IP gets blocked for 5 minutes. We’re using this since a few days and it seems to throttle the attacks so far.

Note: Use at your own risk.

I saw this rule somewhere on some random website. Ty for help man. I will also await for comodo tec reply regarding this

No problem. It’s actually a modified version of the WordPress brute force rules from LiquidWeb. Instead of tracking the status code, I modified it to track the number of POST requests. You may want to reduce the threshold to something like 3 requests per 10 seconds since there are many distributed brute force attacks from various IPs lately.

Great but I think we already have a centralized rule to block bruteforce attack.:slight_smile:

see here:

Maybe Dmitry can confirm. As far as I’m aware, WordPress brute force rules won’t work with Joomla because they generate different HTTP status codes. Or you can just give it a try and see if it works.

you are absolutely correct its not working :frowning: May be admin can provide update regarding this

Current bruteforce protection isn’t protect Joomla, but it is planned in next updates.

Joomla bruteforce protection is available now.

Hello TDmitry…

May I know where to download the update for Joomla BruteForce protection… thz!

Do you have Joomla bruteforce protection working for Litespeed?

Please notice that the forum software is turning the at sign into “[at]”, so the code doesn’t work if you use it directly.

Good point, I’ve added a warning to my initial post. :-TU

Directly from COMODO WAF site: