Prevent Multiple Login Attempts on client sign-in forms

[sonuyos]

While we are on this topic of fake accounts and orders, can we also get a quick fix for brute force attempt on WHMCS login page?

A google recaptcha should fix this problem, and with @Matt's cart_recaptch.php file, the problem is half solved, if we can get such hook for login page, that would be miracle.

@WHMCS John

[WHMCS Peter]

Hi @sonuyos,

I believe you would be able to achieve using the ClientLogin and ClientLoginShare hook points. If you take a look at ClientLoginShare, it will send the data back on a failed login attempt. The example shows how it could be used to automatically register an account for this non-existent user however, you could also use this to log information about a login request.

EDIT: I forgot the link for you! See here: https://developers.whmcs.com/hooks-reference/authentication/#clientlogin

I hope this helps.

Best Regards,

Peter
Technical Analyst

Edited April 26, 2018 by WHMCS Peter
Forgotten link to hook points referenced in post.

[sonuyos]

7 minutes ago, WHMCS Peter said:

Hi @sonuyos,

I believe you would be able to achieve using the ClientLogin and ClientLoginShare hook points. If you take a look at ClientLoginShare, it will send the data back on a failed login attempt. The example shows how it could be used to automatically register an account for this non-existent user however, you could also use this to log information about a login request.

EDIT: I forgot the link for you! See here: https://developers.whmcs.com/hooks-reference/authentication/#clientlogin

I hope this helps.

Best Regards,

Peter
Technical Analyst

 

@WHMCS Peter thanks for this, however i was thinking about having a constant recaptcha, so whenever a client login, the captcha will be there and wont proceed without confirmation.