Re: phpBB wordpress 2.4.0> logic - logs x documentation
Posted: Fri Nov 27, 2020 2:11 pm
Found errors, and fixed. Not code errors, but behaviors errors.
There was on updating users by admin in certain cases, into the login widget, and some more.
The w3all sessions keys Brute Force countermeasure is set to yes by default since 2.4.0, and change a little to be more effective.
To me, it was possible to mount an attack based on a little complicate, but maybe possible way.
Now, the w3all sessions keys Brute Force countermeasure logic works little different, and do not cleanup records as before.
Cleanup records eliminating older 100, when it exceed 4000 records, but maintaining ALL that exceeds.
If the bruteblock ids array will contain more than 4000 records, that in theory should never happen to to the auto-cleanup behavior, a little red warning/notice with the number of total records will display, where related option on plugin admin.
Setting to NO the option and saving preferences, will empty/reset data (as it was until now).
I'm in doubt on adding option into plugin admin, if right now, or along 2.4.0> series, to setup data for the db connection to phpBB into plugin admin, and terminating with the inclusion of the phpBB config.php file.
I assume it would be a good switch to, and further (so little maybe) speedup of code execution.
There was on updating users by admin in certain cases, into the login widget, and some more.
The w3all sessions keys Brute Force countermeasure is set to yes by default since 2.4.0, and change a little to be more effective.
To me, it was possible to mount an attack based on a little complicate, but maybe possible way.
Now, the w3all sessions keys Brute Force countermeasure logic works little different, and do not cleanup records as before.
Cleanup records eliminating older 100, when it exceed 4000 records, but maintaining ALL that exceeds.
If the bruteblock ids array will contain more than 4000 records, that in theory should never happen to to the auto-cleanup behavior, a little red warning/notice with the number of total records will display, where related option on plugin admin.
Setting to NO the option and saving preferences, will empty/reset data (as it was until now).
I'm in doubt on adding option into plugin admin, if right now, or along 2.4.0> series, to setup data for the db connection to phpBB into plugin admin, and terminating with the inclusion of the phpBB config.php file.
I assume it would be a good switch to, and further (so little maybe) speedup of code execution.