How to use failed login protection?

How to Prevent Brute Force Login Attacks on Origin Shield

Introduction

Failed login protection is a crucial aspect of ensuring the security and integrity of online systems and applications. It involves implementing measures to prevent unauthorized access through brute-force attacks, unauthorized login attempts, and other malicious activities.

This document explains why protection against failed login attempts matters and how to set up failed login rules.

Common threats behind failed login attempts

  • Brute-Force Attacks: Attackers use automated tools to try various combinations of usernames and passwords to gain access.
  • Credential Stuffing: Attackers use leaked or stolen credentials from other breaches to gain unauthorized access to multiple accounts.
  • Dictionary Attacks: Attackers use a list of common passwords and usernames to try to gain unauthorized access.
  • Account Enumeration: Attackers identify valid usernames through error messages provided during the login process.

About failed login rules

A failed login rule triggers an action (log, block or rate limit) against a client's login traffic once the specified number of login attempts or failed login attempts has been reached.

The rule templates cover common CMS applications (Drupal, Ghost, Joomla, Magento, Plone, WordPress); each template is preconfigured with that CMS's login path, login parameters and failed login characteristics.

Creating failed login rules

Failed login rules are configured per domain. To have the same failed login rule on multiple domains, you must configure it for each domain.

To create a new failed login rule:

From the left menu, select Origin Shield > Account takeover prevention.

  1. Select a rule template, or click Add rule to create a custom rule. The Create failed login rule page opens.
  2. Set the appropriate options.
    1. Rule name: a name for this rule. The name is for your reference only and can contain up to 30 characters.
    2. Path: the URL path of the login page.
    3. HTTP method(s): the HTTP method(s) used by the login page.
    4. Maximum login attempts: the maximum number of login attempts (successful or failed). Normally this value should exceed the maximum failed login attempts.
    5. Maximum failed login attempts: the maximum number of failed login attempts.
  3. Select one or more origin response types that identify a failed login.
    1. HTTP response code(s) (optional): the response code(s) the origin sends when a login has failed.
    2. HTTP response body (optional): specific error messages in the response body that the origin sends when a login has failed.
    3. HTTP response header(s) (optional): the response header(s) the origin sends when a login has failed.
  4. Set the action to perform. The rule can take one of the following actions when it detects failed login attempts:
    1. Log: logs the requests with failed logins.
    2. Block: blocks the HTTP requests. The response code is 403.
    3. Rate-limit: rate limits the HTTP requests. The response code is 429.
  5. Set the block/rate-limit action duration.
    1. Duration: the mitigation timeout. Specify how long a login should remain locked after the maximum (failed) attempts have been reached.
  6. Click Create.

With the settings above, if the user fails to log in within 5 attempts, the user's IP is locked for 60 seconds.
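To make the counting and mitigation behaviour of a rule concrete, here is an added simulation (example code, not the Origin Shield implementation) of one failed login rule: it matches requests on path and method, recognises a failed login from the origin's response code or body, counts attempts per source IP, and applies the rule's action for the configured duration once a limit is hit. The class and field names, the per-IP counters and the reset after the timeout are this example's own assumptions; the traffic is constructed.

```python
from collections import defaultdict
from dataclasses import dataclass

@dataclass
class FailedLoginRule:
    """One failed login rule (field names are this example's own, not the product's)."""
    path: str            # login page path
    methods: tuple       # HTTP method(s) the rule applies to
    max_attempts: int    # maximum login attempts (successful or failed)
    max_failed: int      # maximum failed login attempts
    failed_status: tuple # origin response code(s) that mark a failed login
    failed_body: str     # substring of the origin response body that marks a failed login
    action: str          # "log", "block" or "rate-limit"
    duration: int        # mitigation timeout in seconds

ACTION_RESULT = {"log": "log", "block": "403", "rate-limit": "429"}

class FailedLoginGuard:
    """Counts login attempts per source IP and applies the rule's action once a limit is hit."""
    def __init__(self, rule):
        self.rule = rule
        self.attempts = defaultdict(int)
        self.failed = defaultdict(int)
        self.locked_until = {}   # ip -> time at which the mitigation timeout ends

    def handle(self, ip, method, path, status, body, now):
        """Returns "pass" for a request forwarded normally, or the rule's action result."""
        r = self.rule
        if path != r.path or method not in r.methods:
            return "pass"                         # not a login request: rule does not apply
        if ip in self.locked_until:
            if now < self.locked_until[ip]:
                return ACTION_RESULT[r.action]    # still inside the mitigation timeout
            del self.locked_until[ip]             # timeout elapsed (assumed: counters restart)
            self.attempts[ip] = self.failed[ip] = 0
        self.attempts[ip] += 1
        if status in r.failed_status or (r.failed_body and r.failed_body in body):
            self.failed[ip] += 1                  # origin response matched a failed login
        if self.failed[ip] >= r.max_failed or self.attempts[ip] >= r.max_attempts:
            self.locked_until[ip] = now + r.duration
            return ACTION_RESULT[r.action]
        return "pass"

def run_demo():
    """Constructed traffic: six wrong passwords from one IP, a retry after the timeout, and a GET."""
    rule = FailedLoginRule("/login", ("POST",), 10, 5, (401,), "Invalid login", "block", 60)
    guard = FailedLoginGuard(rule)
    results = [guard.handle("198.51.100.7", "POST", "/login", 401, "Invalid login", t) for t in range(6)]
    results.append(guard.handle("198.51.100.7", "POST", "/login", 200, "Welcome", 70))
    results.append(guard.handle("203.0.113.9", "GET", "/login", 200, "<form>", 70))
    return results
```

The fifth failed POST triggers the block, the sixth is answered with 403 while the 60 second timeout runs, and the retry at 70 seconds is forwarded again.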

Conclusion

Implementing robust failed login protection is essential to safeguard user accounts and sensitive data. By creating failed login rules and keeping your security measures up to date, you can significantly reduce the risk of unauthorized access to your systems.

Full failed login rule page