en Copyright 2025 Java http://127.0.0.1:8080/history/plugin/captcha/IpCounter.php#194d338681b559bf46a61e6fd49d98dea7193d22 Move IpCounter to date-based tmpdir storage with daily cleanupIpCounter files were stored in the cache directory without cleanup,causing inode exhaustion on busy sites. Files are now stored intmpdir/captcha/ip/Y-m-d/ with automatic daily cleanup via indexer.Also reorganizes FileCookie to tmpdir/captcha/cookie/Y-m-d/ forconsistency and moves timeout config loading into IpCounter constructor.fixes #146 List of files: /plugin/captcha/IpCounter.php Thu, 22 Jan 2026 11:34:21 +0000 Andreas Gohr <gohr@cosmocode.de> http://127.0.0.1:8080/history/plugin/captcha/IpCounter.php#563fb5668f85b2cd8c67a6d8af2d4597cbcfdaa7 Add exponential timeout for failed login attemptsIntroduces a configurable brute-force protection mechanism that enforcesincreasing wait times between login attempts. The timeout doubles witheach failure (e.g., 5s → 10s → 20s → ...) up to a configurable maximum.New settings:- logindenial: Base timeout in seconds (0 to disable)- logindenial_max: Maximum timeout cap (default 1 hour)The feature works independently of CAPTCHA protection - failed attemptsare tracked per IP using the existing IpCounter mechanism, and usersare shown the remaining wait time when blocked. List of files: /plugin/captcha/IpCounter.php Thu, 22 Jan 2026 10:13:15 +0000 Andreas Gohr <gohr@cosmocode.de> http://127.0.0.1:8080/history/plugin/captcha/IpCounter.php#969b14c4e3ba4be207f4542079c3a4d093268325 added bruteforce protection on loginThe new default for protecting the login now takes failed logins fromthe originating IP into account. List of files: /plugin/captcha/IpCounter.php Tue, 11 Jan 2022 12:10:20 +0000 Andreas Gohr <andi@splitbrain.org>