Help protect the website from attackers or bad actors, by identifying, preventing, or mitigating security vulnerabilities.

User knock

User knock emulates "port knocking" by disabling the superuser (uid 1) account when they log out.

Spammer Slapper

Spammer Slapper is a system that pulls together several resources from different anti-spam projects to stop comment spam on forums, blogs, and boards.

Duo Two-Factor Authentication

This module is unsupported due to the vendor no longer supporting it.

If you want to use this module, your options are:

⚠ Duo's two-factor solution for Drupal 6 and 7 reached end of support on January 28, 2021.

What is Duo?

Duo is the simplest and safest way to secure any Internet login or transaction. Duo leverages consumers’ existing mobile devices for strong, usable, risk-adaptive two-factor authentication, backed by a secure cloud-hosted service.

This Drupal module adds Duo Security's two-factor authentication to your Drupal 6.x/7.x site.

This is the only Drupal 2FA project maintained and supported by Duo Security.

Webform Encrypt

This module creates the ability to encrypt fields/components from the Webform module.

Username Enumeration Prevention

What Is Username Enumeration Prevention

By default Drupal is very secure (especially Drupal 7). However, there is a way to exploit the system by using a technique called username enumeration. Both Drupal 6 and 7 have this issue, but it is much worse for people using Drupal 6. This is because Drupal 6 does not have any built-in brute force prevention. When an attacker knows a username, they can start a brute force attack to gain access as that user. To help prevent this, it is best if usernames on the system are not easy to find out.

Attackers can easily find usernames that exist by using the forgot password form and a technique called “username enumeration”. The attacker can enter a username that does not exist and they will get a response from Drupal saying so. All the attacker needs to do is keep trying usernames on this form until they find a valid user.

This module will stop this from happening. When the module is enabled, the error message is replaced with the same message shown for a valid user, and the visitor is redirected back to the login form. If the user does not exist, no password reset email will be sent, but the attacker will not know this is the case.
