the hacker known as 4chan has arrived

it's been suggested a few hours ago and I think that's the way people break in on other vichan sites. The team has passwords that get the pass on https://howsecureismypassword.net/ and my server login is unique to kissu only.

also, worth putting this into practice for the captchas too

wtf happened to the thumbnail

The following steps add a max post counter to thwart low effort brute force attacks on passwords.
It has an anti-lockout mechanism by remembering a mod's login IP so you shouldn't get locked out of your account in many common scenarios.
Unless a cracker is on an IP you've used before this will prevent them from using proxy farms to bruteforce.

1) create modlogins table(this will be entered into on an unsuccessful password attempt):
CREATE TABLE modlogins(name VARCHAR(255), ip VARCHAR(255)NOT NULL, attempt_unix INTEGER(11), success INTEGER(1));

(backup before replacing)
2) Replace mod_login in inc/mod/pages.php
3) Replace login in inc/mod/authphp

4) in config.php add:
$config["max_login_attempts_refresh_time"] = 60 * 60; // 1 hour
$config["max_login_attempts"] = 10;
$config["error"]["max_logins_reached"] = "You have reached the maximum number of login attempts.";

ｷﾀ━━━(ﾟ∀ﾟ)━━━!!

>>4378
Why replace?

>>4386
because it modifies behaviour of the login routine