Attacks on TYPO3 systems occur from time to time, albeit infrequently. The hackers use automated systems – known as bots – to carry out these attacks, which use different password combinations to attempt to access the systems. The aim of these attacks is to obtain sensitive company or customer information.
Although the TYPO3 community is constantly working to improve the security of TYPO3 and there are already many solutions to recognise these attacks, no solution has yet been found to generally prevent these attacks.
mfc_belogin_captcha is an extension created by Marketing Factory, which prevents the hacking of passwords by automated systems as soon as this has occurred.
After a certain number of failed logins, a CAPTCHA is displayed, which must be completed in addition to the correct access data. As is known, automated systems cannot complete a captcha and so further attacks are prevented by the appearance of this captcha alone. However, the extension ensures that the content managers of a system can still log in to the backend even after five failed logins due to typing errors.
The extension mfc_belogin_captcha generates the captchas using the new Google reCAPTCHA. As the bots are being programmed to become increasingly intelligent, the known combinations of numbers or letters are often no longer adequate to verify a "human user". Instead, reCAPTCHA uses images of numbers, image sequences or simple tick boxes to differentiate humans from bots. The latter cannot (or at least cannot yet) solve these. Apart from improving the security of TYPO3 systems and offering protection against hacker attacks, the extension also provides the major advantage that TYPO3 backends can continue to be used unrestrictedly even during an ongoing attack.
Marketing Factory is making the extension available to the entire TYPO3 community. The extension has been available to download since September 2013.