How to protect Kentico CMS against brutal-force attack

Juraj Ondrus — Aug 24, 2009

This article shows how protect Kentico CMS against brutal-force attack, or how to limit the number of attempted login before the account is locked.

Protection against brutal-force attack is not available in current version by default.
You can customize appropriate page (CMSPages/Logon.aspx.cs) and write you own logic in code-behind file. Or you can use Flood protection via our API. You can find CheckFlooding() method in FloodProtectionHelper class. For more info please see our API reference. You can use it as following:

if (FloodProtectionHelper.CheckFlooding(CMSContext.CurrentSiteName, CMSContext.CurrentUser))
{
// your custom code
}

See also:

Applies to: Kentico CMS 4.0

Share this article on Twitter Facebook LinkedIn

Juraj Ondrus

Hi, I am the Technical support leader at Kentico. I'm here to help you use Kentico and get as much as possible out of it.