18.4 Brute-Force Attacks and CAPTCHA

CAPTCHA provides additional security against brute-force attacks on the Filr web application.

Brute-force attack monitoring is enabled on the Filr system by default. Filr considers a brute-force attack to be taking place if any user has 5 failed login attempts to the Filr system within a 30-minute timeframe. During the time that Filr believes that a brute-force attack is occurring, Filr requires all users to specify the CAPTCHA response when logging in to the Filr web application. Filr considers the system to be safe from the brute-force attack as soon as there have been fewer than 5 failed login attempts within the past 30 minutes. At that time, specifying a CAPTCHA response is no longer required.