  • RyanW 33 posts 148 karma points
    Nov 12, 2021 @ 16:02
    RyanW
    0

    Umbraco Log-In Bruteforce Attacks

    Hi folks,

    Something we've noticed lately. As Umbraco gets more popular and grows, so too does the attention it garners from some malicious actors it seems.

    We've always had confidence in the security of Umbraco. As I've seen it swat away injection attempts and the like. I don't understand the full extent of the security in place but also no reason to doubt it.

    What we perhaps don't have an answer to though, that I've noticed recently, is bruteforce attacks against the Umbraco Log-in page.

    We do see the IP, so we can block these users. However, of course, this isn't very practical to monitor and do manually. It is perhaps something one might miss from Wordpress, if such a thing were possible. You could install a plugin that'd monitor traffic and block automatically and based off spam lists online. Of course, if you didn't on Wordpress you wouldn't have a site within 24 hours of launching it so hey ho...

    What's the equivalent for Umbraco? How can we futureproof our login url from these bruteforce attacks targeting Umbraco installations?

    In fact, I'm curious if anyone has experienced such a thing on their own installations in the first place.

    The usernames they appeared to try were "Admin", "AdminU" and "sitename".

  • Kevin Meilander 78 posts 384 karma points c-trib
    Nov 16, 2021 @ 00:59
    Kevin Meilander
    0

    Umbraco will lock a user out after so many incorrect login attempts (I think the default is 5). After that, the user will need to reset their password to login, so a brute force attack to login to the backoffice shouldn’t work.

    https://our.umbraco.com/Documentation/Reference/Security/password-reset

    I think Wordpress had a more general throttling plug-in, so if an IP makes a certain number of requests within a certain time period it would blacklist you, but I don't know if there's anything like that in Umbraco.

    I usually use a WAF in front of Umbraco sites to add additional protection for things like brute force attacks. And, I will also IP restrict the Umbraco login page if able, to make sure only valid users can even try to login.
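The per-IP throttling described in the answer above, as an added defender-side example that is not Umbraco's own code or part of this thread: it counts failed backoffice login posts per source IP in a sliding window over web-server logs and reports IPs that hit the lockout threshold (5, the default mentioned above) as block candidates. The log lines are constructed, and the login path and the 401 status for a rejected attempt are assumptions.

```python
"""Flag source IPs that repeatedly fail the Umbraco backoffice login.
Constructed W3C/IIS-style lines: date time c-ip cs-method cs-uri-stem sc-status.
The login path and the 401 status for a failed post are assumptions."""
from collections import defaultdict, deque
from datetime import datetime, timedelta

LOGIN_PATH = "/umbraco/backoffice/UmbracoApi/Authentication/PostLogin"  # assumed
FAILED_STATUS = "401"  # assumed status for a rejected credential post

# Constructed sample: 203.0.113.7 hammers the login, 198.51.100.4 mistypes once.
SAMPLE_LOG = f"""\
2021-11-12 15:58:01 203.0.113.7 POST {LOGIN_PATH} 401
2021-11-12 15:58:03 203.0.113.7 POST {LOGIN_PATH} 401
2021-11-12 15:58:05 198.51.100.4 POST {LOGIN_PATH} 401
2021-11-12 15:58:06 203.0.113.7 POST {LOGIN_PATH} 401
2021-11-12 15:58:08 203.0.113.7 GET /umbraco/ 200
2021-11-12 15:58:09 203.0.113.7 POST {LOGIN_PATH} 401
2021-11-12 15:58:12 198.51.100.4 POST {LOGIN_PATH} 200
2021-11-12 15:58:14 203.0.113.7 POST {LOGIN_PATH} 401
2021-11-12 16:30:00 192.0.2.9 POST {LOGIN_PATH} 401
"""


def parse(line):
    """Split one log line into (timestamp, ip, method, path, status)."""
    date, time, ip, method, path, status = line.split()
    return datetime.fromisoformat(f"{date} {time}"), ip, method, path, status


def failed_logins(lines, threshold=5, window_seconds=600):
    """Return {ip: timestamp} for IPs reaching `threshold` failed login posts
    within `window_seconds` (sliding window per IP). Each IP is reported once,
    at the moment the threshold is first crossed."""
    window = timedelta(seconds=window_seconds)
    recent = defaultdict(deque)  # ip -> timestamps of recent failures
    flagged = {}
    for line in lines:
        if not line.strip():
            continue
        ts, ip, method, path, status = parse(line)
        if method != "POST" or path != LOGIN_PATH or status != FAILED_STATUS:
            continue  # successes and unrelated requests do not count
        q = recent[ip]
        q.append(ts)
        while q and ts - q[0] > window:  # drop failures that fell out of the window
            q.popleft()
        if len(q) >= threshold and ip not in flagged:
            flagged[ip] = ts.isoformat(sep=" ")
    return flagged


if __name__ == "__main__":
    for ip, when in failed_logins(SAMPLE_LOG.splitlines()).items():
        print(f"block candidate {ip}: threshold reached at {when}")
```

Feed real access logs to `failed_logins` and pass the result to whatever blocks at the edge (WAF rule, firewall list); the per-user lockout still applies on top, this only stops the noise earlier.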
