1. Problem Description

It would be great if some sort of brute force admin interface password guessing prevention mechanism is put in place. The authentication process should be automatically delayed with XX seconds if a brute force attack is detected. This will be enough to slowdown an attacker to a level where the brute force attack would not be feasible. This can be combined with password complexity rules and will have minimal user impact.

2. Task description

Code a brute force detection which counts the number of unsuccessfull logins on a certain account and gradually raises an enforced delay between login tries. So first 3 attemps are without delay and after that it should add increasing delays up to 30 mins.

3. Task Steps

1. Install the LimeSurvey development version
2. Check out the current login procedure
3. Code the new feature

4. Overview

Time Frame: 72 hours

Skills: PHP, SQL

Difficulty: Medium

Mentor: Carsten Schmitz, Marcel Minke (both German/English)