Access is locked on Magento Connect Manager

As of Magento version 1.9.3, Magento have finally added brute force protection to the downloader folder.
As you may be aware, even if you have changed your default admin path ie to anything other that /admin Magento connection is still accessible at yourdomain.com/downloader.

The Fix

Magento have now added a similar feature into the core of magento.  There is a new file in var/ called brute-force.ini which monitors login attempt to Magento Connect Manager.

brute-force-bad-attempts-count = 6
brute-force-diff-time-to-attempt = 360
brute-force-attempts-count = 3

If you see: “Access is locked. Please try again in a few minutes.” Reset the above line to:

brute-force-bad-attempts-count = 0

And you should be able to log in. We still recommend you remove or rename the downloader folder for more complete security.



 

Akses terkunci pada Magento Connect Manager

Pada Magento versi 1.9.3, Magento akhirnya menambahkan perlindungan brute force ke folder downloader.
Seperti yang Anda ketahui, bahkan jika Anda telah mengubah path admin default Anda (/ admin), koneksi Magento masih dapat diakses pada domainAnda.com/downloader.

Cara Mengatasinya

Magento kini telah menambahkan fitur serupa ke core magento. Ada file baru di var / disebut brute-force.ini yang memonitor upaya login ke Magento Connect Manager.

brute-force-bad-attempts-count = 6
brute-force-diff-time-to-attempt = 360
brute-force-attempts-count = 3

Jika Anda melihat notifikasi: “Access is locked. Please try again in a few minutes. (Akses dikunci. Silakan coba lagi dalam beberapa menit.)” Setel ulang baris di atas ke:

brute-force-bad-attempts-count = 0

Dan Anda bisa masuk lagi. Kami masih menyarankan Anda menghapus atau mengganti nama folder download untuk keamanan yang lebih lengkap.