BubbleUp_Fail2ban

This module prevents brute-force password cracking attempts on the admin panel. With the default configuration, it will lock a user's account after 5 failed login attempts within any 60-minute period.

Installation and Setup Instructions

Pre-setup: If you do not already have FireGento_AdminMonitoring installed, you'll need to install it first.

  1. Download the zip file, or git clone the repo
  2. Copy all of the contents of the BubbleUp_Fail2ban directory into your Magento root directory. This can be done with drag-and-drop. You do not need to copy the LICENSE and README.md files.
  3. Clear caches if enabled.

To make sure it's working, attempt to log into the admin panel with an incorrect username or password. If the module is working, it will say that you only have 4 attempts left.

Whitelisting

To allow some users to bypass the brute-force protection mechanism, you can ask them for their IP address and add it to the whitelist field under System => Configuration => Advanced => Admin => "BubbleUp Fail2Ban : Brute force protection for admin logins". You can add as many IPs as you want, separated by commas.

Configurability

By default, the module limits each user to 5 failed login attempts within any 60-minute time window. Both the attempt limit and the window length are configurable in the admin panel.

FAQ

Can this module be used stand-alone, without also installing FireGento_AdminMonitoring?

Not currently. If you aren't already using the AdminMonitoring module, we highly recommend installing it. PCI-DSS requirement 10 states:

Logging mechanisms and the ability to track user activities are critical in preventing, detecting and minimizing the impact of a data compromise.

I'm a developer and want this module to be decoupled from the FireGento_AdminMonitoring extension.

Great! This module is only very loosely coupled to the AdminMonitoring module. All you'll need to do is override the two classes named below using the <rewrite> directive, and implement your own versions of BubbleUp_Fail2ban_Model_History::getFailedLoginCollection($username, $startTime) and, optionally, BubbleUp_Fail2ban_Model_History_Login::logLockout($userId, $username, $message).