
As a shop owner, I want documentation for upcoming subscriptions

Open jimmyedagawa78 opened this issue 1 year ago • 0 comments

Is your feature request related to a problem? Please describe.
As a shop owner, I want documentation for upcoming subscriptions

Describe the solution you'd like
As a shop owner, I want documentation that informs me how I can view and keep track of upcoming payments

Additional context
This is in context to Subscribie docs

jimmyedagawa78 avatar Nov 21 '23 04:11 jimmyedagawa78

This can be done by a plug-in if needed.

aadrian avatar Jun 23 '18 08:06 aadrian

ReCAPTCHA should be a feature within the main installation. Prevention of Login Bots is something that should be available by default.

ApertureDevelopment avatar Jun 23 '18 17:06 ApertureDevelopment

@ApertureDevelopment as mentioned also here https://gitbucket.github.io/gitbucket-news/gitbucket/2018/06/07/why-doesnt-gitbucket-self-host.html and in many other places, GitBucket's main targets are small teams and projects (most of them even in intranets).

As such, the default configuration of any GitBucket installation should be to not allow self registration at all, but an admin to create accounts for its team.

GitBucket has a pretty modular architecture, so this kind of functionality should be implemented by the community in the form of a plug-in (if it needs it) - and there could be even more implementations, since there are various Captcha solutions.

aadrian avatar Jun 23 '18 18:06 aadrian

I am not talking about the registration process, I am talking about the Login. A login bot tried all login data until it found the right combination (See: Bruteforce). Even if you target small teams, this is something that can affect every user of GitBucket.

ApertureDevelopment avatar Jun 24 '18 16:06 ApertureDevelopment

I am not talking about the registration process, I am talking about the Login. A login bot tried all login data until it found the right combination (See: Bruteforce)

Sorry, but if you expose any login system to the Internet, the solution against brute force is not Captcha but Fail2Ban or something similar. This is usually done not at the application level but at the hosting level, e.g. in conjunction with a firewall.

aadrian avatar Jun 24 '18 19:06 aadrian

Those people have in most cases bot networks and hundreds of IP addresses. We have Fail2Ban but the jail is huge as hell already. And again you misunderstood, but if you look in the title bar of your personal profile at GitBucket, they already have your Username, now they just need to try all password combinations, shouldn't be hard as GitBucket doesn't support Special characters for passwords.

And for Fail2Ban: Do you have anything built in that works together with it? Otherwise it runs but doesn't know it's login bots.

ApertureDevelopment avatar Jun 25 '18 14:06 ApertureDevelopment

And for Fail2Ban: Do you have anything built in that works together with it?

Of course:

  • GitBucket logs the failed attempts. If we encounter the same IP address with x failed logins in a certain y timeframe, we ban that IP address.
  • If we encounter URL patterns that are not present in the application, we also ban that IP.

Also, depending on our installations, for many of our scenarios we ban certain countries completely - this alone reduces the attempts by ~95% :) .

We also use VPN for many customers, since it makes life easier, and everybody sleeps better :).

aadrian avatar Jun 25 '18 14:06 aadrian
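
The "x failed logins in y timeframe" rule discussed above, as an added example that is not part of the thread or of GitBucket. It also counts distinct source IPs per username, which covers the many-addresses case raised earlier that a per-IP rule alone does not see. The log line format, the `detect` function, and the thresholds are assumptions made for illustration; the sample lines are constructed and assumed to be in chronological order.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed log format (an assumption, not GitBucket's real output):
#   2018-06-25 14:00:01 LOGIN_FAILED user=alice ip=203.0.113.5
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) LOGIN_FAILED "
    r"user=(?P<user>\S+) ip=(?P<ip>\S+)$"
)

def detect(lines, max_fail=3, window=timedelta(minutes=10)):
    """Return (ips_to_ban, targeted_users) for chronologically ordered lines.

    An IP is flagged after max_fail failures inside the window. A username
    is flagged when failures inside the window come from at least max_fail
    distinct IPs, the distributed case a per-IP jail never triggers on.
    """
    by_ip = defaultdict(deque)    # ip -> timestamps of recent failures
    by_user = defaultdict(deque)  # user -> (timestamp, ip) of recent failures
    ban_ips, targeted = set(), set()
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # ignore unrelated or malformed lines
        ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
        ip_q, user_q = by_ip[m["ip"]], by_user[m["user"]]
        ip_q.append(ts)
        user_q.append((ts, m["ip"]))
        # Drop events that have slid out of the window.
        while ts - ip_q[0] > window:
            ip_q.popleft()
        while ts - user_q[0][0] > window:
            user_q.popleft()
        if len(ip_q) >= max_fail:
            ban_ips.add(m["ip"])
        if len({ip for _, ip in user_q}) >= max_fail:
            targeted.add(m["user"])
    return ban_ips, targeted

# Constructed sample: one noisy IP, one username hit from three IPs,
# and one user with two failures too far apart to count.
SAMPLE = """\
2018-06-25 14:00:01 LOGIN_FAILED user=alice ip=203.0.113.5
2018-06-25 14:00:40 LOGIN_FAILED user=alice ip=203.0.113.5
2018-06-25 14:01:10 LOGIN_FAILED user=alice ip=203.0.113.5
2018-06-25 14:02:00 LOGIN_FAILED user=bob ip=198.51.100.1
2018-06-25 14:04:00 LOGIN_FAILED user=bob ip=198.51.100.2
2018-06-25 14:06:00 LOGIN_FAILED user=bob ip=198.51.100.3
2018-06-25 14:07:00 LOGIN_FAILED user=carol ip=192.0.2.9
2018-06-25 14:30:00 LOGIN_FAILED user=carol ip=192.0.2.9
"""
```

On the sample, only `203.0.113.5` crosses the per-IP threshold, while `bob` is flagged by the per-username rule even though none of the three addresses hitting that account would ever be banned individually.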

Hm, I would rather prefer to use hCaptcha.

orlovskyjavaprofi avatar Apr 13 '24 12:04 orlovskyjavaprofi