Captcha in the admin login

[enricodias4654]

Hello.

There are captchas in other parts of the script, why not in the admin area login?

 

[sukhman21]

Are you experiencing brute force attacks ???

 

[enricodias4654]

Are you experiencing brute force attacks ???

No, but it can happen.

 

[paypal1352]

just change the admin folder name and path in the config file and strip all info from the page itself that its an admin login, and if somehow someone finds it they wouldnt know what the login is for

i dont know if this would work, couldnt you just delete the admin folder and upload it only when you need it, then delete it again when you're done, i dont think its needed for the script to run

 

[enricodias4654]

just change the admin folder name and path in the config file and strip all info from the page itself that its an admin login, and if somehow someone finds it they wouldnt know what the login is for

i dont know if this would work, couldnt you just delete the admin folder and upload it only when you need it, then delete it again when you're done, i dont think its needed for the script to run

You can't delete the admin folder, cron tasks are inside it. Renaming it will just make the attacker take a little longer to figure out the new name. The attacker will assume that a strange login screen is the admin.

As I have fixed ips on my company I restricted the access using .htaccess, but for the people that can't do this captcha is the best option.

 

[sukhman21]

for my website, i have my admin folder name changed to something random and updated in config file as mentioned by paypal1352. Just out of curiosity, how would attackers still be able to get my admin login page URL?
Personally i haven't seen any attacks on my admin page so far.

 

[enricodias4654]

for my website, i have my admin folder name changed to something random and updated in config file as mentioned by paypal1352. Just out of curiosity, how would attackers still be able to get my admin login page URL?
Personally i haven't seen any attacks on my admin page so far.

They can guess it, use brute force or dictionary attacks and etc.

Few months ago I managed to download a .DS_Store file from a website who was hiding the admin folder and with this file I managed to get the file structure from his website and find the admin url. This is just a silly example.