hi to avoid brute force attacks it will be good if there is Google Captacha on VestaCP Login screen , it can be added to admin settings to enable it by adding public and private keys :)
:-1: I wouldn't want to use a captcha every time I log into my own admin panel. If brute-force is what you're worried about, I'd add functionality that block anyone attempting a brute force (something like 5-10 failed attempts?). Two-factor auth is another option.
I'd add functionality that block anyone attempting a brute force (something like 5-10 failed attempts?)
It`s will be much better than capthca, as for me.
Nginx with ngx_http_limit_req_module and few strings in confiig - prefect and lightweight antibot.
Hmmm in Google Captcha v2 you just need one click while it verify you , it that you will be entering username and password :) anyway currently what we have to stop user from brute force attacks !
this feature request mean that there should be something , Captacha or ban user for 3 hours with 5-10 failed attempts
@soysaltan please make that into a gist.
web/templates/login.html : https://gist.github.com/soysaltan/470f1609a9aaef95a6efcd08611af8a2
web/login/index.php : https://gist.github.com/soysaltan/778b90088a7cb21e33f94a9d3f37d2f9
I think that two factor auth is the proper solution to this problem: https://github.com/serghey-rodin/vesta/issues/1459
@darkworks , declined
And if you use the invisible recaptcha, would that be an option?
Most helpful comment
:-1: I wouldn't want to use a captcha every time I log into my own admin panel. If brute-force is what you're worried about, I'd add functionality that block anyone attempting a brute force (something like 5-10 failed attempts?). Two-factor auth is another option.