pbiering/roundcube-rcguard

Release IP after how many minutes (after last failed attempt) $config['expire_time'] = 30

GSEPE opened this issue · 1 comments

I appreciate your work keeping a crucial repository like this for Roundcube alive.

Prob I identified an issue:
I understand that the parameter

// Release IP after how many minutes (after the last failed attempt)
$config['expire_time'] = 30;

in the config.inc.php file locks your IP for 30 minutes if you fail too many times.
Trying to manually "brute force" my account, I see that after x tries the message that I tried too many times appears,
but if I then input the correct password, the system lets me in.

For what I mean by this check, the system should stop checking my password after x failed logins, but it does not.
(I use

// Number of failed logins before CAPTCHA is shown
$config['failed_attempts'] = 0;

to trigger the CAPTCHA immediately).

TY

@GSEPE: you're right, I have also used $config['failed_attempts'] = 0; on my installations from the beginning.

I have now updated the default and also added a warning note.
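
The difference between a CAPTCHA gate and the lockout the report expected, as an added sketch that is not part of the thread and not rcguard's own code. It models the two settings only as their comments above describe them; the `LoginGuard` class, the per-IP record, the `hardLockout` switch and the returned status strings are all assumptions made for illustration.

```php
<?php
// Added model (PHP 8+), not rcguard's code; failures are assumed to be counted per IP.
final class LoginGuard
{
    private array $records = []; // ip => ['count' => int, 'last' => unix time]

    public function __construct(
        private int $failedAttempts,      // failed logins before CAPTCHA is shown
        private int $expireTime,          // minutes after the last failed attempt
        private bool $hardLockout = false // hypothetical: refuse instead of CAPTCHA
    ) {}

    private function failures(string $ip, int $now): int
    {
        $rec = $this->records[$ip] ?? null;
        if ($rec !== null && $now - $rec['last'] >= $this->expireTime * 60) {
            unset($this->records[$ip]); // window elapsed: release the IP
            return 0;
        }
        return $rec['count'] ?? 0;
    }

    public function attempt(string $ip, bool $passwordOk, bool $captchaOk, int $now): string
    {
        $count = $this->failures($ip, $now);
        $gated = $count >= $this->failedAttempts; // 0 gates the very first request
        if ($gated && $this->hardLockout) {
            return 'locked'; // password is never evaluated
        }
        if ($gated && !$captchaOk) {
            return 'captcha_required'; // password is not evaluated either
        }
        if (!$passwordOk) {
            $this->records[$ip] = ['count' => $count + 1, 'last' => $now];
            return 'failed';
        }
        return 'ok'; // a correct password passes once the CAPTCHA is solved
    }
}

$t = 1700000000;    // constructed timestamp
$ip = '192.0.2.10'; // constructed client address (documentation range)
$gate = new LoginGuard(3, 30);
$lock = new LoginGuard(3, 30, true);
foreach ([$gate, $lock] as $g) {
    for ($i = 0; $i < 3; $i++) { $g->attempt($ip, false, false, $t + $i); }
}
// Correct password after three failures: no CAPTCHA, CAPTCHA solved, lockout, lockout expired.
echo $gate->attempt($ip, true, false, $t + 10), "\n";
echo $gate->attempt($ip, true, true, $t + 10), "\n";
echo $lock->attempt($ip, true, true, $t + 10), "\n";
echo $lock->attempt($ip, true, true, $t + 2 + 30 * 60), "\n";
```

In the gate mode a correct password still succeeds once the CAPTCHA is answered, which matches what the report observed; only the hypothetical lockout mode stops evaluating the password until the expiry window has passed.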