Page 1 of 1

Idea: more conditional Google reCaptcha support

Posted: Sun Sep 26, 2021 6:51 pm
by davidma
Right now Google reCaptcha can be either turned on or off in the options. The problem with turning it on is apparently that it also blocks zmNinja and other API clients from logging in since they cannot handle the captcha.

Idea: could we possibly do something like keep recaptcha off for the first login attempt and then after 1-2 login attempts from a given IP address turn it on for X minutes/hours?

This would then reasonably allow the use of Google reCaptcha (which is nice to help prevent brute force attacks in addition to fail2ban) without preventing zmNinja from logging in for most use cases.

Thanks for reading!