What is coming in version 1.5.7
================================

- New Brute Force Protection Method

**IP Block Method**

The old method (IP Block) keeps a list of IPs with 6 or more failures in a preset interval.
Each of those IPs is then blocked from new login attempts.

The problem with this method is that in the real world there are thousands of zombie servers
trying to get access to Joomla or WordPress sites.

The internal IP blacklist rotates up to 250 IPs. So, if there are 1000 attackers,
brute forcing will still be possible.

Also, we have seen thousands of login attempts made from single, different IPs.

We invite you to see your own log:

cat /usr/share/ilabs_antimalware/logs/loginfailed.log

All entries are failed login attempts. You can see that there is still a huge
distributed brute force attack.

We encourage you to change to the new protection method.

**Domain Lock Method**

The domain lock method consists of locking all login attempts once there are five failed logins
from one or different IPs.

All subsequent login attempts from any IP will receive a notification with a button to unlock the domain.
This prevents DDoS attacks.

When the user presses the unlock button, they will be asked to solve a captcha.
If the captcha is solved, they will be redirected to the login form, and the domain is unlocked for
that user's specific IP.

With this method, brute force attacks will no longer be possible against Joomla and WordPress installations.
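
The difference between the two methods under a distributed attack, as a small simulation added here as an example (it is not Pyxsoft's code). The thresholds and the 250-entry list come from the text above; the class names, the boolean captcha result and the omission of the failure time window are assumptions.

```python
from collections import OrderedDict

class IPBlock:
    """Old method: block an IP after 6 failures; the blacklist rotates at 250 entries."""
    def __init__(self, threshold=6, capacity=250):
        self.threshold, self.capacity = threshold, capacity
        self.failures, self.blacklist = {}, OrderedDict()

    def allowed(self, ip):
        return ip not in self.blacklist

    def record_failure(self, ip):
        self.failures[ip] = self.failures.get(ip, 0) + 1
        if self.failures[ip] >= self.threshold:
            self.blacklist[ip] = True
            if len(self.blacklist) > self.capacity:
                evicted, _ = self.blacklist.popitem(last=False)  # oldest entry rotates out
                self.failures.pop(evicted, None)

class DomainLock:
    """New method: 5 failures from any IPs lock the domain; a solved captcha unlocks one IP."""
    def __init__(self, threshold=5):
        self.threshold, self.failures, self.locked = threshold, 0, False
        self.unlocked_ips = set()

    def allowed(self, ip):
        return not self.locked or ip in self.unlocked_ips

    def record_failure(self, ip):
        self.failures += 1  # counted per domain, regardless of source IP
        if self.failures >= self.threshold:
            self.locked = True

    def unlock(self, ip, captcha_solved):
        # captcha_solved is an assumed boolean standing in for the captcha check
        if captcha_solved:
            self.unlocked_ips.add(ip)
        return self.allowed(ip)

def guesses_reaching_login(guard, attempts):
    """Count failed guesses that get through to the login form; attempts is a list of IPs."""
    reached = 0
    for ip in attempts:
        if guard.allowed(ip):
            reached += 1
            guard.record_failure(ip)
    return reached

# Constructed sample: 1000 distinct addresses, 5 failed guesses each, interleaved.
SAMPLE = [f"10.0.{i // 250}.{i % 250 + 1}" for i in range(1000)] * 5
```

With the constructed sample, every guess passes the IP block because no single address reaches 6 failures, while the domain lock stops the run after the fifth failure.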


Coming soon...
===========================

* Add a button to flush all blocks
* Add a button next to "Scan in progress" to stop stuck scans

Please send your feedback to info@pyxsoft.com

