Introduction

Access & Security, Site Security, Security Tools

This plugin helps avert brute-force attacks on your Joomla installation. To do so, it stores information on failed login attempts, so that once a configurable number of failed attempts is reached, the attacker's IP address can be blocked. You can also configure notifications about failed logins and blocked IP addresses, as well as a configurable (optionally adaptive) delay after a failed login attempt.

The component included in the package lets you view and manage the blocked IP addresses, manage whitelists of IP addresses that will never be blocked, view failed login attempts, and test the notification.

New in version 1.5.2:
- Note: Only component changes, no (functional) plugin changes
- Fix errors for PHP < 8

New in version 1.5.1 (1.5.0 pulled due to last minute issues):
- Fix bugs (PHP 8.x issues, ACL options display)
- IP address and subnet validation
- Controls for overriding number of shown elements in lists
- Joomla 5 compatibility
- Hints to go to plugin settings on installation and in settings view

New in version 1.4.6:
- Fix for server errors in component - issues #191/#194
- Fix filter deprecation warning in plugin

For a detailed list of changes in each version see the commit history:
- For the plugin: https://github.com/codeling/bfstop/compare/1.4.6...1.5.0
- For the component: https://github.com/codeling/com_bfstop/compare/1.4.6...1.5.1

Contributors:
- pt-PT/pt-BR translations and various fixes by solrac (comproperty247(at)gmail.com)
- ca-ES translations by nouespai
- fr-FR translations by Flying_Lolo
- nl-NL translations and various fixes by Rob van Baal (info(at)fischertechnikclub.nl/http://www.fischertechnikclub.nl)
- es-ES translations by Aimagen (info(at)aimagen.com)
- ru-RU translations by Raven (ravencrow(at)mail.ru)
- it-IT translations and various fixes by Stefano Buscaglia (info(at)binarioetico.org/http://www.binarioetico.org)
- old nl-NL translations by Agrusoft

Functionality
Does what it is made for
Ease of use
Would be helpful to have the password logged as well
Documentation
Not always obvious what it really does
I used this to: To understand how many people try to attack the backend
Owner's reply: Thanks for your favorable review!

Regarding storing the password, please see here: https://github.com/codeling/bfstop/wiki/FAQ#why-dont-i-see-the-password-from-the-attempted-login

As for the documentation: Do you have any suggestion how things could be made better understandable? One tends to get a bit blind to such things when working a long time with it, so I'd love to hear suggestions! The ideal place for them would be the issue tracker on github: https://github.com/codeling/bfstop/issues

Brute Force works



Posted on 17 October 2015
Functionality
Works as described - thank you
Ease of use
For a non-developer this plugin was easy to download and install, configure and use. Already a number of IPs blocked.
Support
None needed so far :)
Documentation
Not needed but it is available
I used this to: Picking up unwanted visitors to my administrator login
Functionality
This extension presumes that all brute force attacks come from a single IP address. That's just not typical of the attacks I see.
Ease of use
Not a problem to use.
Owner's reply: Hi and thanks for your review!
True, bfstop in its current form does not provide real protection against distributed attacks. I've also seen increased numbers of those, so there are some plans from my side to implement some countermeasures, see https://github.com/codeling/bfstop/issues/76 . If you have any further suggestions how this could be dealt with better, I would love to hear them!
Functionality
Attackers get 3 knocks at my administrative login, and then they have to wait 5 minutes. Foils automated brute force attacks.
Ease of use
Simply install, and set 2 config options.
I used this to: Stop automated brute force attacks so my server logs don't fill up and become huge.

Nice plugin



Posted on 27 June 2015
Functionality
Practical, everyone should use, BUT I would also like to see the password the user tried to use to login.
Ease of use
Weird the settings tab tests emails. If there are no settings it shouldn't have a title of settings
Owner's reply: Thanks for your review, and sorry for taking such a long time to get back to you on the points you mention.
As for seeing the password of the attempt, since I've also been asked this per mail already, I've added an FAQ entry about it, see https://github.com/codeling/bfstop/wiki/FAQ#why-dont-i-see-the-password-from-the-attempted-login

Regarding the settings tab: The plan is to move all the settings there, see https://github.com/codeling/bfstop/issues/88 . Will be included in one of the next bfstop versions, probably 1.4!
Functionality
Great!!
Ease of use
As easy as counting 1-2-3..
I used this to: I use this for all my sites...
Owner's reply: Thanks very much for taking the time to write a review!
One quick question regarding your support rating - did you have any problems that weren't solved? In case of bugs or questions please open an issue at https://github.com/codeling/bfstop/issues and I'll try my best to help!
Functionality
Works perfectly
Ease of use
Very easy to use.
Documentation
Self-explaining
I used this to: Protect my site because I found many login tries in my logs.

A must have!



Posted on 28 March 2015
Functionality
A must have for all Joomla sites!
Ease of use
Ease of Use
Support
Documentation
I used this to: I use this for all my sites.

Thanks a lot!

Should be a core feature



Posted on 11 March 2015
Functionality
Ease of use
I used this to: This should be a core feature. After seeing how many failed login attempts were in my apache error logs, I installed this plugin and am shocked at how many failed logins it's caught in just the past half hour.

problems with 1.3



Posted on 07 March 2015
Ease of use
Support
Documentation
I used this to: I really liked this in Joomla 2.5, but when I updated to Joomla 3.3, I installed the new version. Even after manually deleting all files and database tables there was an error on attempting to send an email notification: 'class xxx not found in administrator/..../settings.php'.
Owner's reply: Thanks for your review!
Regarding ease of use, any specific problems you had setting it up? If you have any suggestion regarding improving the usability, I'd be very glad to hear it (ideally you would report an issue on https://github.com/codeling/bfstop/issues)! Regarding support, I would also love to hear your suggestions on what I could improve - but please also consider that I'm writing (as well as giving support for) this plugin in my free time.

Brute Force Stop

Version: 1.5.2
Developer: Bernhard Froehler
Last updated: Feb 18 2024
Date added: Nov 19 2014
License: GPLv2 or later
Type: Free download
Includes: c p
Compatibility: J3 J4 J5
Uses Joomla! Update System
