On 30/11/2007, Christensen, Courtney <ChristensenC(a)battelle.org> wrote:
Hi List,
I've searched Google,
mediawiki.org, the mailing list archives, and
looked through the listed extensions, but I have been unable to find
anything about keeping mediawiki accounts from being brute-forced. I'm
specifically looking for something that locks an account down after a
specified number of login attempts or which adds time between login
requests when the password is given incorrectly. Do measures like this
exist? Did I just use the wrong search terms?
After a quick look at the relevant code, I can't see any such feature.
It looks like MediaWiki will accept unlimited numbers of attempts. You
can use an external authentication plugin which could have such a
feature. Whether such a plugin already exists, I don't know -
mediawiki.org would be the place to look.