This is the documentation for FishEye 3.4. View the latest version of

Unknown macro: {spacejump}

or visit the latest FishEye documentation home page.

This page explains how to configure or disable FishEye's brute force login protection.

FishEye will protect against brute force login attacks by forcing users to solve a CAPTCHA form after a configurable number of consecutive invalid login attempts. By default, this functionality is enabled, and the number of invalid attempts is set to three.

(info) Once a user logs in successfully, they will no longer be required to solve the CAPTCHA form.

Configuring brute force login protection

To configure brute force login protection:

  1. In the Admin area, click Authentication under 'Security Settings'.
  2. Scroll down to the 'Security Settings' section at the bottom of the screen.
  3. The 'Use CAPTCHA for login' options are:
  • Never.
  • After N login attempts (the default number of allowed attempts is three).

    Select the desired option (where 'N' is the number of attempts), and click 'Apply'. The changes will be made immediately.

Screenshot: Brute Force Login Protection Settings

Brute force protection against remote API calls

Login requests by the FishEye remote API libraries are also covered by the brute force protections. After the number of invalid attempts is exceeded (the default is three), then the remote API for that user will be prevented from making further login attempts (as that user will now be required to solve a CAPTCHA form through the web interface in order to log in).

 

 

 Except where otherwise noted, content in this space is licensed under a Creative Commons Attribution 2.5 Australia License.