Security of your Moodle site from brute force attacks is a major concern for your Moodle Administrators since any loophole in the security may result in infected or even a total crash of your Moodle site.
By default in Moodle core there is an option under Site Policies to lockout any account based on the number of incorrect logins within a certain period of time but this may also be abused in denial of service attacks.
Sebsoft have released a new plugin to prevent hammering your Moodle login system. Hammering is the process of pretty much brute force attacking Moodle’s login system.
This plugin provides you the option to block the attack based on the IP address or username along with messaging options to administrators and adding blocked IP’s to site configuration.
Before enabling this plugin, please make sure that you haven’t accidentally turned on the user mode in Antihammer and account lockout feature at same time as it may result in unintended side effects.
You can download the latest version of the Anti hammering plugin from the Moodle plugins database through – https://moodle.org/plugins/auth_antihammer
What are the other security measures you have taken to secure your Moodle Site? Do let us know in the comments below.
References:
Menu
Menu
