We did some digging and it seems like these guys are building tools specifically for Joomla now, like [removed]
Other than strong passwords, what are some measures you guys are using? We did a mod_security rule recently that we're testing now that might need some beefing up. Not sure. I'll share here.
What this mod_sec rule does (or is designed to do) is watch the Joomla administrator URL path; repeated attempts are recorded, and then long delays are put into place if you get past so many attempts.
Code:
SecRule RESPONSE_BODY "Username and password do not match" "phase:4,pass,setvar:
SecRule IP:FAILED_LOGINS "@gt 3" "phase:4,allow,pause:3000"
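A fuller version of the counting-and-delay idea described in the post, as an added example that is not the poster's rule set, written for ModSecurity 2.x. The rule ids, the 300-second expiry, the `SecDataDir` path and the `/administrator` prefix are assumptions; the failure message, the threshold of 3 and the 3000 ms pause come from the post.

```apache
# Added example: per-IP failed-login counter with a delay on later attempts.
# Rule ids, paths and the expiry window below are assumed values.

# Response bodies must be buffered for a RESPONSE_BODY match in phase 4.
SecResponseBodyAccess On

# Persistent collections need a writable directory (assumed path).
SecDataDir /var/cache/modsecurity

# Open a persistent collection keyed on the client address so the counter
# survives across requests. Without initcol, IP:FAILED_LOGINS never exists.
SecAction "id:1000100,phase:1,pass,nolog,initcol:ip=%{REMOTE_ADDR}"

# Throttle: once the counter is above 3, delay further POSTs under
# /administrator by 3 seconds. pause sits on the last rule of the chain so
# it only runs when every condition has matched.
SecRule REQUEST_URI "@beginsWith /administrator" \
    "id:1000101,phase:2,pass,log,msg:'Joomla admin login throttled',chain"
    SecRule REQUEST_METHOD "@streq POST" "chain"
        SecRule IP:FAILED_LOGINS "@gt 3" "pause:3000"

# Count: a response under /administrator that carries the failure message
# increments the counter. expirevar clears it 300 seconds after the most
# recent failure, so a legitimate user is not slowed down indefinitely.
SecRule REQUEST_URI "@beginsWith /administrator" \
    "id:1000102,phase:4,pass,nolog,chain"
    SecRule RESPONSE_BODY "@contains Username and password do not match" \
        "setvar:ip.failed_logins=+1,expirevar:ip.failed_logins=300"
```

Each paused request holds an Apache worker for the full delay, so under a high-volume attack the pause can exhaust workers; a `deny` past a higher threshold is the usual complement. Confirm that the failure message actually appears in the response body your Joomla version returns, otherwise the counter never increments.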