Ask to solve reCaptcha after X failed login attempts

Discussion in 'Setting-up protection' started by anand kumar, Apr 27, 2015.

  1. anand kumar

    anand kumar New Member

    Joined:
    Nov 11, 2013
    Messages:
    5
    I think it will be better to ask for solving reCaptcha on Login forms after x number of failed login attempts instead of banning the login for a few minutes. Isn't it a good option?

    Something Like this:
    x failed login attempts ------> Ask to Solve reCaptcha -------> Allow another x login attempts (still failed to login) --------> block login for y minutes.

    What does "ReCaptcha Theme for Login Page" does? I find it her: /amember/admin-setup/loginpage?

    May be I have missed something!
  2. alexander

    alexander Administrator Staff Member

    Joined:
    Jan 8, 2003
    Messages:
    6,274
    You can add reCaptcha to login page so every user have to solve it and this way to will block robots.
    Bruteforce attack's protection is something different. This protection should block users who try to guess password, and this doesn't matter is that a human or bot.


    In regards to theme, have a look:
    https://developers.google.com/recaptcha/old/docs/customization
  3. anand kumar

    anand kumar New Member

    Joined:
    Nov 11, 2013
    Messages:
    5
    @alexander I understand they are different things but I guess most of the brute force attack comes from bots; isn't it? In such case user should allowed to solve captcha and retry login, since human can be verified easily (considering the bots are *dumb* to solve reCaptcha).

    What I said is to enable reCaptcha if user/bot tried to login and failed couple of times. If we ask them to solve captcha we can eliminate almost all bots. if the human fails in another couple of attempts we can say they are trying to brute force and temporarily ban such users.

    Secondly, I am unable to find anything to enable recaptcha on login page!
  4. alexander

    alexander Administrator Staff Member

    Joined:
    Jan 8, 2003
    Messages:
    6,274
    reCaptcha should be available on login page by default if you have it configured in amember CP -> Setup -> reCaptcha
    Did you set public/private keys?
  5. anand kumar

    anand kumar New Member

    Joined:
    Nov 11, 2013
    Messages:
    5
    Yes, It appears on Signup page/s correctly.
  6. alexander

    alexander Administrator Staff Member

    Joined:
    Jan 8, 2003
    Messages:
    6,274
    Sorry that was my mistake it can;t be placed to login form yet.
  7. anand kumar

    anand kumar New Member

    Joined:
    Nov 11, 2013
    Messages:
    5
    No problem! The thing i asked was something used by many social sites and is most *efficient* way to protect login. I thought if there is an option to choose a theme that means it's available to protect login pages.

    This is something I was looking:
    x failed login attempts ------> Ask to Solve reCaptcha -------> Allow another x login attempts (still failed to login) --------> lock login for y minutes.

    I hope it will be available soon.
  8. alexander

    alexander Administrator Staff Member

    Joined:
    Jan 8, 2003
    Messages:
    6,274

Share This Page