Forum
  1. Forums
  2. Imunify360
  3. Imunify360 and Imunify Sensor
  1. Morten
  2. Friday, August 25, 2017
  3.  Subscribe via email
Hello,

I just tested to brute force a Magento admin/downloader url, but was not blocked.
We also have Comodo WAF, but either cwaf or Imunify did block the brute force attack.

Could you please get a rule to block ip after 10 attempts within 2 minutes or something?

https://magento.com/security/best-practices/protect-your-magento-installation-password-guessing-new-update
Rate this post:
  1. 25.08.2017 15:08:05
  2. # 1
Posts: 46
Joined: 31.01.2017
0
Votes
Undo
1) Please check whether brute force testing is performed from the same IP you are connecting to WHM (as it is auto-whitelisted)
2) Were any incidents added while you were brute force testing Magento?
  1. 27.08.2017 18:08:03
  2. # 2
Morten Accepted Answer
Posts: 99
Joined: 16.04.2014
0
Votes
Undo
1. I tried different IP's trough VPN and none of those had been listed on the server in anyway.
2. No. I guess you don't have any rule for that yet.
  1. 20.10.2017 10:10:04
  2. # 3
Oleksiy Shchukin Accepted Answer
Posts: 18
Joined: 16.03.2017
0
Votes
Undo
Hi Morten,

I am sorry for turning back so late. We are working on adding the rule (internal task tracker id: DEFA-110) and will post the update 10/27/17, the latest.
  1. 31.10.2017 10:10:50
  2. # 4
Morten Accepted Answer
Posts: 99
Joined: 16.04.2014
0
Votes
Undo
Thanks Oleksiy!
But I cannot see it yet and not in 2.6.1 either...
  1. 31.10.2017 12:10:38
  2. # 5
Oleksiy Shchukin Accepted Answer
Posts: 18
Joined: 16.03.2017
0
Votes
Undo
Hi Morten,

Our dev for task DEFA-110 is on sickleave thus I regret to inform that ETA for this task was shifted to 10/3/2017.

We will keep you updated.
  1. 09.11.2017 19:11:20
  2. # 6
Morten Accepted Answer
Posts: 99
Joined: 16.04.2014
0
Votes
Undo
Any new update?
  1. 17.11.2017 11:11:25
  2. # 7
Andrew Rassokhin Accepted Answer
Posts: 1
Joined: 17.11.2017
0
Votes
Undo
Thank you for your submission, we will add this feature until the end of this year. Have a nice day!
  • Page :
  • 1


There are no replies made for this post yet.
Be one of the first to reply to this post!
Guest
Submit Your Response
Upload files or images for this discussion by clicking on the upload button below. Supports gif,jpg,png,zip,rar,pdf
• Remove Upload Files (Maximum File Size: 2 MB)
You may insert polls into your post. The poll would then appear in the post.
Vote Options
Captcha
To protect the site from bots and unauthorized scripts, we require that you enter the captcha codes below before posting your question.