Coding: Brute Force protection for administration
completed by: Kshitij
mentors: Carsten Schmitz, Marcel Minke
1. Problem Description
It would be great if some sort of brute force admin interface password guessing prevention mechanism is put in place. The authentication process should be automatically delayed with XX seconds if a brute force attack is detected. This will be enough to slowdown an attacker to a level where the brute force attack would not be feasible. This can be combined with password complexity rules and will have minimal user impact.
2. Task description
Code a brute force detection which counts the number of unsuccessfull logins on a certain account and gradually raises an enforced delay between login tries. So first 3 attemps are without delay and after that it should add increasing delays up to 30 mins.
3. Task Steps
- Install the LimeSurvey development version
- Check out the current login procedure
- Code the new feature
Time Frame: 72 hours
Skills: PHP, SQL
Mentor: Carsten Schmitz, Marcel Minke (both German/English)