Roundcube Community Forum

Release Support => Pending Issues => Topic started by: mk23 on August 05, 2020, 10:33:40 AM

Title: question about anti brute force lockout
Post by: mk23 on August 05, 2020, 10:33:40 AM

So I understand that this option,

// Brute-force attacks prevention.
// The value specifies maximum number of failed logon attempts per minute.
$config['login_rate_limit'] = 3;

Will disable an account after 3 failed login attempts within 60 seconds, but for how long.
That is how long will a disabled user have to wait before they are re-eneabled?
Also is there a way to manually re-eneable the user?

Thanks

Title: Re: question about anti brute force lockout
Post by: JohnDoh on August 05, 2020, 11:28:03 AM

Its x many attempts per 60 seconds.