codeling edited this page Jan 6, 2013 · 24 revisions

Welcome to the bfstop wiki! These pages contain the documentation for the Brute Force Stop plugin (plg_bfstop).

How to install

Download the latest version zip file as described in the README file (https://github.com/codeling/bfstop/blob/master/README). Then install this zip file directly in Joomla: go to "Extensions", select the zip file for upload under "Install extension", and start the installation. If there are any errors during installation, please report them in the issue tracker here on GitHub: https://github.com/codeling/bfstop/issues

How to configure

Go to "Extensions"->"Plugins" and choose "Brute Force Stop" in the list that appears. You might have to scroll down in the list or go to one of the next pages to reach that entry. Most of the options can be left at their default value. The only thing that you must do to enable the plugin is to set its status to published.

It is, however, also a good idea to configure a recipient for notifications from the plugin, e.g. for when an IP address is blocked because of too many login attempts from that IP address; do so under the "Notification" options on the right. You can either choose a Joomla! user (e.g. the Administrator), in which case that user's configured email address is used for notifications, or you can directly specify the email address that notifications should be sent to.

If you want, you can also take a look at the other settings. For example, you can determine how many notifications per day you want to receive, separately for failed login attempts and for blocked IP addresses.

Don't forget to save the options!

What does it do?

The plugin monitors each failed login attempt and logs it to the database. If so configured, it can send out a notification for each or a limited number of failed login attempts per day. On a server which is at least somewhat frequented, this is not such a good idea, as there is usually not much to be done when such an attempt happens; so the default option is to not notify about failed login attempts.

If the number of failed login attempts exceeds an amount given in the configuration, the plugin will prevent any further access to Joomla! from this IP address. This means the assumed attacker cannot try to log in anymore; he only sees a (configurable) message that he has exceeded the number of allowed login attempts and is therefore banned. The ban is permanent at the moment (see Known Issues), and apart from looking at the database there is no way to see the currently blocked IPs (also see Known Issues).

What to do in case you locked yourself out

In case you have locked yourself out of your own installation, you have two alternatives to get back into your Joomla installation:

  • If you have access to the database behind Joomla (e.g. via phpMyAdmin), then you can go to the table #__bfstop_bannedip (where #_ must be replaced by your database prefix) and delete the entry with your IP address. If available, this is the preferred method.
  • Alternatively, if at the moment you only have FTP access to the server running Joomla!, you can move the file "plugins/system/bfstop/bfstop.php" to another location, e.g. to "plugins/system/bfstop/bfstop.php.bak". Note that this will disable the whole plugin, though! Since there is currently no way to unblock an IP address (other than deleting the IP address manually from the database, as described in the previous point; see also Known Issues), you will then have to remove and reinstall the plugin to get it working again.
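
The behaviour described under "What does it do?" and the database recovery path from the first point above, as a small model in Python. This is an added example, not the plugin's own code: the table and column names, the threshold and the notification cap are assumptions, and the IP addresses are constructed documentation addresses.

```python
import sqlite3

MAX_ATTEMPTS = 3             # assumed threshold; the plugin takes its own from the configuration
MAX_BLOCK_MAILS_PER_DAY = 2  # assumed daily cap on "IP blocked" notifications

def open_db():
    """In-memory stand-in for the Joomla database (hypothetical schema)."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE failedlogin (ip TEXT, day TEXT);
        CREATE TABLE bannedip (ip TEXT PRIMARY KEY, day TEXT);
        CREATE TABLE notification (kind TEXT, day TEXT);
    """)
    return db

def is_banned(db, ip):
    # No expiry check: as the page states, a ban is permanent until the row is deleted.
    row = db.execute("SELECT 1 FROM bannedip WHERE ip = ?", (ip,)).fetchone()
    return row is not None

def on_failed_login(db, ip, day):
    """Log a failed login, ban the IP once the threshold is exceeded.
    Returns the list of notifications that would be mailed."""
    if is_banned(db, ip):
        return []  # a banned address only sees the block message
    db.execute("INSERT INTO failedlogin VALUES (?, ?)", (ip, day))
    (count,) = db.execute(
        "SELECT COUNT(*) FROM failedlogin WHERE ip = ?", (ip,)).fetchone()
    if count <= MAX_ATTEMPTS:
        return []  # default setting: no mail for a plain failed login
    db.execute("INSERT INTO bannedip VALUES (?, ?)", (ip, day))
    (sent,) = db.execute(
        "SELECT COUNT(*) FROM notification WHERE kind = 'blocked' AND day = ?",
        (day,)).fetchone()
    if sent >= MAX_BLOCK_MAILS_PER_DAY:
        return []  # still banned, but the daily notification cap is reached
    db.execute("INSERT INTO notification VALUES ('blocked', ?)", (day,))
    return [f"blocked {ip}"]

def unban(db, ip):
    """Manual recovery: delete the ban row for one address.
    This model also resets the failure counter; the page does not say
    whether the plugin does the same."""
    db.execute("DELETE FROM bannedip WHERE ip = ?", (ip,))
    db.execute("DELETE FROM failedlogin WHERE ip = ?", (ip,))
```

The model makes the operational consequence visible: once the notification cap is reached, further bans happen silently, so the banned-IP table is the only complete record of who is blocked.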

Known Issues

These issues are known and are being worked on at the moment.

  • During first installation, the plugin will only show PLG_BFSTOP_DESC instead of a proper text describing the plugin.
  • The plugin doesn't show the blocked IP addresses in the backend.
  • The plugin does not provide any way to unblock IP addresses once they're on the list of blocked addresses. The only way to unblock them is to go via the database (see chapter "What to do in case you locked yourself out", first point).
  • The plugin does not provide a way to unblock IP addresses after a certain time has passed.

Release Plan

The plan is to first fix the issues mentioned under "Known Issues" (and any issues reported via the bug tracker: https://github.com/codeling/bfstop/issues). The first big release (1.0) with all these fixes is planned roughly for summer (at the moment the plan would be about June, but a more detailed plan will be released one or two months before that); small releases (0.9.x) will come out at irregular intervals until then.
