Author Topic: question about anti brute force lockout  (Read 338 times)

Offline mk23

  • Newbie
  • *
  • Posts: 1
question about anti brute force lockout
« on: August 05, 2020, 10:33:40 AM »
So I understand that this option,

// Brute-force attacks prevention.
// The value specifies maximum number of failed logon attempts per minute.
$config['login_rate_limit'] = 3;

Will disable an account after 3 failed login attempts within 60 seconds, but for how long.
That is how long will a disabled user have to wait before they are re-eneabled?
Also is there a way to manually re-eneable the user?

Thanks

Offline JohnDoh

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 2,487
Re: question about anti brute force lockout
« Reply #1 on: August 05, 2020, 11:28:03 AM »
Its x many attempts per 60 seconds.
Roundcube Plugins: Contextmenu, SpamAssassin Prefs, and moreā€¦