Brute-force Prevention is designed to protect Tigase Server against user password guessing. It counts invalid login tries and when it is above limit, it locks login ability for specific time (soft ban). When invalid login counter reaches second level, account will be disabled permanently.
Brute-force Prevention is configured by VHost. There is following lis of configuration parameters:
Brute Force Prevention Enabled
Number of allowed invalid login
Time [sec] in what failed login tries are counted
Threshold beyond which account will be permanently disabled
Time [sec] of soft ban (first threshold)
Working mode (see the section called “Working modes”)
There are three working modes:
Ip- it counts invalid login tries from IP, and locks login ability (soft ban) for IP what reach the threshold
IpJid- it counts tries from IP to specific user account. Soft ban locks ability of login to specific JID from specific IP.
Jid- similar to
IpJidbut checks only JID. Soft ban locks ability of login to specific JID from all IPs.
Only in modes
IpJid account may be permanently disabled.
IpJid, when invalid login counter reach threshold
status will be set o
To enable it again you should use Re-Enable User Ad-hoc