Contrib.social

Excluded admin users from flood control block

Open on Drupal.org →
Created on 22 December 2024, 3 months ago

Problem/Motivation

I tried test case scenario , trying make login with admin username with wrong password 5 times and user blocked.
So, I ask about a solution for handling and excluded admin users from blocked.

Steps to reproduce

- Make 5 times login with correct admin username and wrong password

Proposed resolution

Remaining tasks

User interface changes

- Add configuration tab for exclude user role

API changes

Data model changes

Feature request
Status

Active

Version

3.0

Component

Code

Created by

🇪🇬Egypt mahmoudsayed96 Cairo

Live updates comments and jobs are added and updated live.
Sign in to follow issues

Comments & Activities

  • Issue created by @mahmoudsayed96
  • Comment 2 months ago
    🇻🇳Vietnam doidd

    Not limiting the number of login attempts for admin accounts creates a significant security vulnerability that can easily be exploited by attackers. This approach increases the risk of brute force attacks, as attackers can try endless combinations without facing any restrictions.
    A better solution is to use an IP whitelist feature.

  • Comment 2 months ago
    🇳🇱Netherlands batigolix Utrecht

    The actual logic that blocks or excludes an account or ip address is done by Drupal Core.

    The contrib module Flood Control provides a UI for Core settings and for Unblocking accounts or IPs.

    Feel free to move this issue to the Drupal Core queue.

  • Status changed to Closed: works as designed 10 days ago
  • Comment 10 days ago
    🇳🇱Netherlands batigolix Utrecht
contrib.social Blog FAQ Discussions
Production build 0.71.5 2024