hey

it would be useful to add some securer defaults, imitating partially Drupal 7.
example:

IP Track time: 1 hour
User Track time: 6 hours
Login delay base time: 5 seconds
Increase delay for each attempt?: Yes
Maximum number of login failures before detecting an ongoing attack: 10
Maximum number of login failures before soft blocking a user: 5
Maximum number of login failures before blocking a user: 10
Maximum number of login failures before soft blocking a host: 25
Maximum number of login failures before blocking a host: 50
Notifications: all unchecked

using ideas from Flood Control (D7) and from these issues:
http://drupal.org/node/1033418
http://drupal.org/node/1033420

Comments

deekayen’s picture

Version: 6.x-1.x-dev » 7.x-1.x-dev

bumping version