Necessary protection for online stores
Dear TRUECMS customers.
This is a special offer for our customers who use Drupal and the Ubercart online store. It contains important information on protecting your web site and online store against brute force attacks.
Drupal CMS is rated as one of the most secure CMSs and it offers a few outstanding security features and validation of users. However, it isn't protected against "brute force attacks".
In short, a brute force attack is a way of trying to get access to your web site's administrative backend by guessing the username and password. As many administrators have simple, easy-to-remember passwords, it is quite possible that a script can find a matching username and password, access your website as administrator, and read information about your customers, their orders and their credit card information.
In the last few weeks we have developed a module that can be used with Drupal CMS to reduce the chance of a script finding this type of information by introducing incremental delays in displaying the login form when the username and (or) password have been entered incorrectly.
The following are the features of the module:
Soft Protections:
- Request time delay: on any failed login, a time delay is added to the submit
request, making a brute force attack on the login form harder.
- Block login forms or requests: when the protection flag is enabled, the form is
never submitted, and any request, even with a valid form token ID, will be dropped,
but the host can still access the site.
Hard Protections:
- Block account: after a number of failed attempts, the account can be blocked.
- Block IP: after a number of failed attempts, a host may be added to the access
control list.
Notes:
- A soft block for a host expires after the configured number of hours.
- Hard blocked hosts are not removed from the list automatically. This must be done manually.
- Blocked accounts are not removed from the block list automatically. This must be done manually.
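
How the soft and hard protections listed above fit together, as an added example that is not the TRUECMS module's code. The class name, the thresholds and the doubling delay schedule are assumptions chosen for illustration; the page does not state the module's defaults.

```python
from dataclasses import dataclass, field

# All numbers are assumed for illustration; they are not the module's defaults.
BASE_DELAY_S = 2          # delay added after the first failure
MAX_DELAY_S = 60          # cap on the incremental delay
SOFT_BLOCK_AFTER = 5      # host failures before its login requests are dropped
SOFT_BLOCK_HOURS = 1      # soft host blocks expire after this many hours
HARD_BLOCK_IP_AFTER = 20  # host failures before it joins the access control list
BLOCK_ACCOUNT_AFTER = 10  # failures against one account before it is blocked


@dataclass
class LoginGuard:  # hypothetical name
    host_failures: dict = field(default_factory=dict)
    account_failures: dict = field(default_factory=dict)
    soft_blocked_until: dict = field(default_factory=dict)  # host -> expiry time
    hard_blocked_hosts: set = field(default_factory=set)    # cleared manually only
    blocked_accounts: set = field(default_factory=set)      # cleared manually only

    def check(self, host, account, now):
        """Decide what to do with a login request before checking the password."""
        if host in self.hard_blocked_hosts:
            return "deny_site"        # hard block: host is on the access control list
        if self.soft_blocked_until.get(host, 0) > now:
            return "drop_login"       # soft block: login dropped, site still reachable
        if account in self.blocked_accounts:
            return "account_blocked"
        return "allow"

    def record_failure(self, host, account, now):
        """Register a failed login; return the delay in seconds to add to the response."""
        h = self.host_failures[host] = self.host_failures.get(host, 0) + 1
        a = self.account_failures[account] = self.account_failures.get(account, 0) + 1
        if a >= BLOCK_ACCOUNT_AFTER:
            self.blocked_accounts.add(account)
        if h >= HARD_BLOCK_IP_AFTER:
            self.hard_blocked_hosts.add(host)
        elif h >= SOFT_BLOCK_AFTER:
            self.soft_blocked_until[host] = now + SOFT_BLOCK_HOURS * 3600
        # Incremental delay: doubles with each failure from this host, up to the cap.
        return min(BASE_DELAY_S * 2 ** (h - 1), MAX_DELAY_S)
```

Because hard-blocked hosts and blocked accounts are only cleared manually, repeated failures against one username keep that account locked until an administrator unblocks it.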
Please contact us if you would like to protect your web site against unauthorised hacker login.
