Login attempts when more than 5 attempts failed - [Resolved]

Sat, 01/19/2013 - 01:40
TIPS FOR CLEAR DRUPAL FLOOD TABLE

TIPS FOR CLEAR DRUPAL FLOOD TABLE

Drupal 7 avoids brute force targeting the accounts. When more than five efforts failed, it does so by denying the login efforts. In the flood table, the quantity of unsuccessful logins is reported. With the procedure below, you can either wait to login again or tidy the flood table up.

When you have forgotten your password, create a new password and refresh the database.

In Drupal database, execute the following request:

DELETE FROM `flood`;

Login to the database is necessary to execute this order. Typically this is achieved through the command line, or through a GUI interface like phpMyAdmin. If Drush is installed on your computer, the drush sql-cli command provides quick access to a command-line interface for SQL.

From command line, built with Drush:

drush php-eval 'db_query("DELETE FROM `flood`");'

CHANGE OF FAILED LOGIN ATTEMPTS Post LOCKOUT?

This code appears to be in < a href="http:/api.drupal.org / api / drupal / modules — device — user.module / function / user login authenticate validate" > user login authenticate validate). (There tend to be two distinct kinds of flooding: one per Network, and one per user.
As variables, the sum of attempts and time periods are stored, so you can bypass them. Not sure if there is a clear UI for it; otherwise, you can just do:
 

<?php
// Set per-IP failed login attempt limit and window.
variable_set('user_failed_login_ip_limit', 10); // Changed from 50 attempts to 10.
variable_set('user_failed_login_ip_window', 1800); // Changed from 3600 (one hour) to 1800 (half-hour).

// Set per-user failed login attempt limit and window.
variable_set('user_failed_login_user_limit', 10) // Changed from 5 attempts to 3.
variable_set('user_failed_login_user_window', 10800); // Changed from 21600 (6 hours) to 10800 (3 hours).
?>

or control using with settings.php

For a 64-bit computer, PHP INT MAX is 922337203685475807; for a 32-bit system, its value is 2147483647.

$conf['user_failed_login_user_limit'] = PHP_INT_MAX;

$conf['user_failed_login_user_window'] = 5;

 

Drupal contribute module

This module allows site administrators to delete IP addresses from the flood table, or to remove all IP addresses from the table depending on the type of event.

http://drupal.org/project/flood_unblock

Tags
Drupal 7

Comments

Submitted by jshamley (not verified) on Wed, 08/07/2013 - 08:55

Just what we needed. The Flood Unblock module will come in very handy. Thank you.

Add new comment

About text formats

Restricted HTML

  • Allowed HTML tags: <a href hreflang> <em> <strong> <cite> <blockquote cite> <code> <ul type> <ol start type> <li> <dl> <dt> <dd> <h2 id> <h3 id> <h4 id> <h5 id> <h6 id>
  • Lines and paragraphs break automatically.
  • Web page addresses and email addresses turn into links automatically.
6 + 7 =
Solve this simple math problem and enter the result. E.g. for 1+3, enter 4.