ListMailPRO Email Marketing Software Forums

ListMailPRO Email Marketing Software Forums => General Help & How-To => Topic started by: dtrack on October 30, 2006, 08:05:55 pm

Title: How do I extend the bad password timeout?
Post by: dtrack on October 30, 2006, 08:05:55 pm

I know nothing about programing but I'm hoping someone can point me to the line in the script where I can extend the bad password attempt timeout.

After months and months of MAYBE one or two outside password attempts a month, I'm suddenly being hit with ten or more a day. They don't seem to be a serious threat as most of them are trying "" or things like qwertyhdfdyekdbsy   but it's annoying to get all the "Bad Password Entered!" emails every day.

I figured if I could extend the timeout from seven seconds to 700 seconds it would cut down on the attempts. I use Roboform to log in myself so it shouldn't cause a problem for me.

Thanks

Dean

Title: How do I extend the bad password timeout?
Post by: DW on October 30, 2006, 10:39:39 pm

Hi Dean,

Do a search for "sleep" in the login.php file.  The value given to the function is the number of seconds to pause.

Regards

Title: How do I extend the bad password timeout?
Post by: mike2 on October 31, 2006, 05:41:16 am

I was thinking for additional security you could add a .htaccess file to only allow your IP or IP range of your ISP access to the login file...

I don't get a lot of reports of this kind of attempt, but I think this would still be a good idea.

Title: How do I extend the bad password timeout?
Post by: dtrack on November 05, 2006, 08:59:50 am

Thanks Dean, I increased the 'sleep' tp 700 seconds which has cut down on the password attempts, but I'm still getting 2 or 3 every day.

Thanks too Mike, although I'm not sure how to set up a .htaccess file.

I was wondering if a simple fix might be to just rename login.php to something else, like loginzz33q.php for example.

Could I do that or is 'login.php' referenced in other listmail files?

If I could do that, I would then change 'login.php' into a php redirect to a money page :-)

Thanks

Dean

Title: How do I extend the bad password timeout?
Post by: DW on November 05, 2006, 05:52:49 pm

I wonder if they are even finding the login.php file or if they are simply browsing to index.php (or your ListMail base folder).  You could replace index.php then simply browse to login.php directly to login.

You -could- rename the login PHP file, I think.  The only thing is you won't be able to logout and when you browse to a page without logging in you won't be redirected properly (it's hard coded into almost every file).  The login cookie will automatically be deleted when you close your browser, however.

Title: How do I extend the bad password timeout?
Post by: dtrack on November 05, 2006, 07:28:08 pm

Ahhh... good point. I didn't realize that my base url (index.php) forwarded to login.php

I just renamed index.php and uploaded a new plain Jane index.htm

Lets see if that works.

Thanks for the quick reply Dean