[GH-ISSUE #206] Has anyone setup fail2ban filter for vimbadmin? #161

New issue

Closed

opened 2026-02-26 09:36:24 +03:00 by kerem · 2 comments

kerem commented 2026-02-26 09:36:24 +03:00

Owner

Copy link

Originally created by @ghost on GitHub (Sep 21, 2016).
Original GitHub issue: https://github.com/opensolutions/ViMbAdmin/issues/206

looking at opening up vimbadmin for customer password reset and wondering how to best protect it from abuse.

Originally created by @ghost on GitHub (Sep 21, 2016). Original GitHub issue: https://github.com/opensolutions/ViMbAdmin/issues/206 looking at opening up vimbadmin for customer password reset and wondering how to best protect it from abuse.

kerem closed this issue 2026-02-26 09:36:24 +03:00

kerem commented 2026-02-26 09:36:25 +03:00

Author

Owner

Copy link

@barryo commented on GitHub (Sep 21, 2016):

You can set up fail2ban filters for the Apache log - e.g. on:

10.5.6.8 - - [21/Sep/2016:23:42:03 +0100] "POST
/vimbadmin/auth/lost-password HTTP/1.1" 302

Note that ViMbAdmin will send you to the password reset page whether you
entered a right email or not - note the message:

"If your username was correct, then an email with a key to allow you to
change your password below has been sent to you."

• Barry

WCat wrote:

looking at opening up vimbadmin for customer password reset and
wondering how to best protect it from abuse.

—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub
https://github.com/opensolutions/ViMbAdmin/issues/206, or mute the
thread
https://github.com/notifications/unsubscribe-auth/AAxHKTG8trIwAB_u2PE4byubEVEbwtroks5qsXEIgaJpZM4KDGhp.

<!-- gh-comment-id:248764237 --> @barryo commented on GitHub (Sep 21, 2016): You can set up fail2ban filters for the Apache log - e.g. on: 10.5.6.8 - - [21/Sep/2016:23:42:03 +0100] "POST /vimbadmin/auth/lost-password HTTP/1.1" 302 Note that ViMbAdmin will send you to the password reset page whether you entered a right email or not - note the message: "If your username was correct, then an email with a key to allow you to change your password below has been sent to you." - Barry WCat wrote: > looking at opening up vimbadmin for customer password reset and > wondering how to best protect it from abuse. > > — > You are receiving this because you are subscribed to this thread. > Reply to this email directly, view it on GitHub > https://github.com/opensolutions/ViMbAdmin/issues/206, or mute the > thread > https://github.com/notifications/unsubscribe-auth/AAxHKTG8trIwAB_u2PE4byubEVEbwtroks5qsXEIgaJpZM4KDGhp.

kerem commented 2026-02-26 09:36:25 +03:00

Author

Owner

Copy link

@ghost commented on GitHub (Sep 21, 2016):

OK, thank you Barry. Great product that has served me well for a few years now.

<!-- gh-comment-id:248770264 --> @ghost commented on GitHub (Sep 21, 2016): OK, thank you Barry. Great product that has served me well for a few years now.

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

master

dependabot/composer/smarty/smarty-4.3.1

v2

3.4.1

3.4.0

3.3.0

3.2.1

3.2.0

3.1.1

3.1.0

3.0.15

3.0.14

3.0.13

3.0.12

3.0.11

2.2.4

3.0.10

3.0.9

3.0.8

3.0.7

3.0.6

3.0.5

3.0.4

3.0.3

3.0.2

3.0.1

3.0.0

2.2.3

2.2.2

2.2.1

2.2.0

2.1.0

2.0.8

2.0.7

2.0.6

2.0.5

2.0.4

2.0.3

2.0.2

2.0.1

2.0.0

0.3.4

0.3.3

0.3.2

0.3.1

0.3

Labels

Clear labels   

bug

  

feature

  

feature

  

improvement

  

improvement

  

pull-request

Mirrored from GitHub Pull Request

No labels

bug

feature

feature

improvement

improvement

pull-request

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

starred/ViMbAdmin-opensolutions#161

No description provided.