Brute-force Prevention is designed to protect Tigase Server against user password guessing. It counts invalid login attempts, and when the count is above the limit, it locks the ability to log in for a specific time (soft ban). When the invalid login counter reaches the second level, the account is disabled permanently.
Brute-force Prevention is configured per VHost. The following is the list of configuration parameters:
- Brute Force Prevention Enabled
- Number of allowed invalid login
- Time [sec] in what failed login tries are counted
- Threshold beyond which account will be permanently disabled
- Time [sec] of soft ban (first threshold)
- Working mode (see the section called “Working modes”)
There are three working modes:
- Ip - it counts invalid login tries from an IP, and locks login ability (soft ban) for an IP that reaches the threshold.
- IpJid - it counts tries from an IP to a specific user account. Soft ban locks the ability to log in to a specific JID from a specific IP.
- Jid - similar to IpJid but checks only the JID. Soft ban locks the ability to log in to a specific JID from all IPs.

Only in modes Jid and IpJid may an account be permanently disabled.
In modes Jid and IpJid, when the invalid login counter reaches the threshold brute-force-disable-after-fails, the account status will be set to disabled. To enable it again, use the Re-Enable User Ad-hoc Command.
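The following is an added illustration, not Tigase code: a small Python model of the two thresholds and the three working modes, replayed over constructed login events to show which later attempts each mode refuses. The field names and default values are hypothetical. The model also assumes that refused attempts are not counted and that the second-threshold counter is kept per mode key and is not reset by the counting window.

```python
from dataclasses import dataclass, field

@dataclass
class BruteForceModel:
    # Field names and defaults are illustrative, not Tigase configuration keys.
    mode: str = "IpJid"        # working mode: "Ip", "IpJid" or "Jid"
    allowed_fails: int = 3     # number of allowed invalid logins
    period: int = 60           # time [sec] in which failed tries are counted
    lock_time: int = 120       # time [sec] of soft ban (first threshold)
    disable_after: int = 6     # second threshold: permanent disable
    recent: dict = field(default_factory=dict)        # key -> failure times in window
    total: dict = field(default_factory=dict)         # key -> failures overall
    banned_until: dict = field(default_factory=dict)  # key -> end of soft ban
    disabled: set = field(default_factory=set)        # permanently disabled JIDs

    def _key(self, ip, jid):
        return {"Ip": (ip,), "IpJid": (ip, jid), "Jid": (jid,)}[self.mode]

    def attempt(self, ip, jid, password_ok, now):
        key = self._key(ip, jid)
        if jid in self.disabled:
            return "disabled"
        if now < self.banned_until.get(key, 0):
            return "soft-banned"   # assumption: refused attempts are not counted
        if password_ok:
            return "ok"
        window = [t for t in self.recent.get(key, []) if now - t < self.period]
        self.recent[key] = window + [now]
        self.total[key] = self.total.get(key, 0) + 1
        if self.mode != "Ip" and self.total[key] >= self.disable_after:
            self.disabled.add(jid)  # only Jid and IpJid can disable an account
            return "disabled"
        if len(self.recent[key]) > self.allowed_fails:
            self.banned_until[key] = now + self.lock_time
            return "soft-banned"
        return "invalid"

def replay(mode, events, **limits):
    """Run constructed (ip, jid, password_ok, time) events through one model."""
    model = BruteForceModel(mode=mode, **limits)
    return [model.attempt(*e) for e in events]

# Constructed sample: two addresses guess the password of one account.
EVENTS = [("198.51.100.7", "alice@example.com", False, t) for t in (0, 1, 2, 3)]
EVENTS += [("203.0.113.9", "alice@example.com", False, 10),
           ("198.51.100.7", "bob@example.com", True, 11)]
if __name__ == "__main__":
    for mode in ("Ip", "IpJid", "Jid"):
        print(mode, replay(mode, EVENTS))
```

In this replay, Ip mode also refuses the valid login for the second account because it shares the banned address, while Jid mode refuses the guess from the second address because the ban follows the account.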