Introduction

Access & Security, Site Security, Security Tools

This plugin provides means to avert Brute-Force-Attacks on your Joomla-Installation. For this purpose, the plugin stores information on failed login attempts, so that when reaching a configurable number of such failed login attempts the attacker's IP address can be blocked. Furthermore, you can configure notifications about failed logins and blocked IP addresses, as well as a configurable (optionally even adaptive) delay for a failed login attempt.


The component included in the package will allow you to view the blocked IP addresses and manage them, manage whitelists of IP addresses which will never be blocked, viewing failed log attempts and testing the notification.

New in version 1.5.2:
- Note: Only component changes, no (functional) plugin changes
- Fix errors for PHP < 8

New in version 1.5.1 (1.5.0 pulled due to last minute issues):
- Fix bugs (php 8.x issues, ACL options display)
- IP address and subnet validation
- Controls for overriding number of shown elements in lists
- Joomla 5 compatibility
- Hints to go to plugin settings on installation and in settings view

New in version 1.4.6:
- Fix for server errors in component - issues #191/#194
- Fix filter deprecation warning in plugin

For a detailed list of changes in each version see the commit history:
- For the plugin: https://github.com/codeling/bfstop/compare/1.4.6...1.5.0
- For the component: https://github.com/codeling/com_bfstop/compare/1.4.6...1.5.1

Contributors:
- pt-PT/pt-BR translations and various fixes by solrac (comproperty247(at)gmail.com)
- ca-ES translations by nouespai
- fr-FR translations by Flying_Lolo
- nl-NL translations and various fixes by Rob van Baal (info(at)fischertechnikclub.nl/http://www.fischertechnikclub.nl)
- es-ES translations by Aimagen (info(at)aimagen.com)
- ru-RU translations by Raven (ravencrow(at)mail.ru)
- it-IT translations and various fixes by Stefano Buscaglia (info(at)binarioetico.org/http://www.binarioetico.org)
- old nl-NL translations by Agrusoft

Functionality
It does what it is supposed to do. Blocks IP’s easily after they continue to try to login in front or backend.
Ease of use
Self explanatory, hover over where you want information about. Alle very logical
Documentation
Flexible, because most of the documentation is built into the product at the places where you need it.
I used this to: Protecting my website, which works very effective.
On my wishlist is the possibility of blocking a complete range of IP’s.
Okay, the current approach blocking after a few times is also working, but blocking a range could stop a persistent attacker.
Owner's reply: Thanks for the review!

Regarding your wishlist, blocking a range of IP’s is actually already possible, though only for IPv4 addresses at the moment, and only for database-based blocking. Go to Components -> Brute Force Stop -> Blocked IPs (Database); there you can add IP addresses by entering a range in the CIDR suffix notation as IP address (such as "1.2.3.0/24" for blocking 1.2.3.0 to 1.2.3.255). There will be improvements to this in the upcoming version 1.5.0 (display of blocked ranges in the block list and enabling blocking ranges via htaccess). Blocking IPv6 ranges is planned for version 1.6.0.

If you have any further questions or enhancement requests, I encourage you to use the github issue tracker at https://github.com/codeling/bfstop/issues !

Job done!



Posted on 13 May 2018
Functionality
Covers every significant function.
Ease of use
Very easy.
Support
Not needed.
Documentation
Not needed.
I used this to: Stopping brute force login attempts.
Functionality
Ce qu'il faut
Ease of use
Configuration très simple
Documentation
Très correcte
I used this to: Joomla est assez ciblé, et les tentatives de brut force sur admin existent.

Simple but super effective



Posted on 21 April 2017
Functionality
Easy to install
Ease of use
Perfect simplicity
Support
Not needed
Documentation
Not needed - The plugin makes it a breeze without the need to delve too deeply
I used this to: Preventing random login attempts
Functionality
Great functionality. Does exactly what it says
Ease of use
Three minutes to install and configure. Fabulous
Support
not needed
Documentation
not needed
I used this to: Increased security on my Joomla sites
Functionality
Great
Ease of use
Great
Support
n/a, we did not need support
Documentation
Excellent
I used this to: Our scanOpenLevel customer support web site
Functionality
very good
Ease of use
very easy
Support
good
Documentation
very good
I used this to: block brute force

Fantastic



Posted on 04 June 2016
Functionality
Works as advertised. User notification is superb.
Ease of use
Install to fully configured and tested was 6 minutes. Couldn't as for better.
Support
Not necessary
Documentation
I used this to: Controlling front end-brute force attacks.

newbie



Posted on 14 May 2016
Functionality
10/10
Ease of use
9/10
Support
10/10
Documentation
I just want to ask how to execute this. I have no idea. I'm not a web developer. Thanks!

configure and publish the "System - Brute Force St
I used this to: Blocking login attempt.
Owner's reply: Typically the default settings are sufficient, you just need to make sure the plugin is enabled. Do this via Extensions -> Plugins, there search e.g. for "Brute Force", then toggle the "status" column until a green check mark is shown.

For more questions, please use the issue tracker over at https://github.com/codeling/bfstop/issues.
Functionality
Does what it is made for
Ease of use
Would be helpfull to have the password logged as well
Documentation
Not always obviopus what it really does
I used this to: To understand how many people try attack the backend
Owner's reply: Thanks for your favorable review!

Regarding storing the password, please see here: https://github.com/codeling/bfstop/wiki/FAQ#why-dont-i-see-the-password-from-the-attempted-login

As for the documentation: Do you have any suggestion how things could be made better understandable? One tends to get a bit blind to such things when working a long time with it, so I'd love to hear suggestions! The ideal place for them would be the issue tracker on github: https://github.com/codeling/bfstop/issues

Brute Force Stop

Version:
1.5.2
Developer:
Bernhard Froehler
Last updated:
Feb 18 2024
5 days ago
Date added:
Nov 19 2014
License:
GPLv2 or later
Type:
Free download
Includes:
c p
Compatibility:
J3 J4 J5
Download

Uses Joomla! Update System

Score:


Write a review