Release IP after how many minutes (after last failed attempt) $config['expire_time'] = 30
GSEPE opened this issue · 1 comments
GSEPE commented
I appreciate your work keeping a crucial repository like this for Roundcube alive.
Prob I identified an issue:
I understand that the parameter,
// Release IP after how many minutes (after the last failed attempt)
$config['expire_time'] = 30
in the config.inc.php file, it locks your IP for 30 minutes if you fail too many times.
Trying to manually "brute force" my account, I see that after x tries the message that I tried too many times appears,
but if I then input the correct password, the system lets me in.
For what I mean by this check, the system should stop checking my password after x failed logins, but it is not.
( I use
// Number of failed logins before CAPTCHA is shown
$config['failed_attempts'] = 0;
to trigger the CAPTCHA immediately).
TY