I'm trying to develop a module for Joomla 1.5 that identifies brute force login attacks and shuts them down.
I found a function called onLoginFailure() that gets called when a login attempt fails. From within that function, I'm trying to figure out which username was used for the login attempt. After 5 failed login attemps, I want to then prevent any more attempts by the user for an hour.
Is anyone familiar enough with Joomla to help me 1) access the username from within the onLoginFailure() scope 2) help me identify the best place for my code to prevent login attempts (redirect to a page that tells them they are banned for an hour).
The best existing module I've found is someone who did a 10 second delay between login attempts...