This is a sibling issue to #1169 and a counter-issue to #1394 (where we discuss documenting that it is not possible to ban an IP in Backdrop and that such a feature belongs in contrib).
Both D8 and D7 have a ban IP feature (https://www.drupal.org/documentation/modules/ban), so this makes this issue here also part of #378:
In D7 it is part of the system module, so enabled by default:
...whereas in D8 it is a separate core module (Ban) that is disabled by default:
Related issue and change record where the "Ban IP" feature was removed from Backdrop core: #2543 https://api.backdropcms.org/node/44866
I personally get a lot of "page not found" errors in the log of quite a few sites I run. Some examples of pages requested are:
ttp://testp1.piwo.pila.pl/testproxy.php
w00tw00t.at.blackhats.romanian.anti-sec:)
phpMyAdmin/scripts/setup.php
pma/scripts/setup.php
myadmin/scripts/setup.php
...and so on. So, it would be great to have an automatic thing in place that works like fail2ban and blocks "nasties" (with the threshold being configurable). For feature parity with Drupal, we should also allow manual entry of IP addresses.
If we have this + Honeypot in core (#1169) and enabled with some sensible defaults out of the box + a dedicated Configuration -> Security admin section, then we'd be able to market all that as additional security features.
Recent comments
I'm really hoping to make this simple change on new content types: https://github.com/backdrop/backdrop-issues/issues/7080 Let's disable the "Display author and date information" by...
February 26th, 2026 - Weekly Meetings
For our DEV meeting: an older bug needs (and could have) a fix. Issue #5729 - Views: Search Filter: On Empty Input "Show None" option Shows All There are 2 pull requests, but one...
February 26th, 2026 - Weekly Meetings
Ruby Text can be a bit of a hassle to edit... Yes, I can imagine that. No idea, how an editor dialog (or whatever) for easier editing of those should look like - in terms of...
Specific tags to work in CKEditor 5