I said it would be opt-in so they wouldn't be spammed unless they
would like to be
On Wed, Apr 4, 2012 at 2:36 PM, Platonides <Platonides(a)gmail.com> wrote:
On 04/04/12 10:47, Petr Bena wrote:
The accounts could be compromised just using a
brute force attacks
which would be running for a long time. Since user would never know
their account is being cracked, they would likely never bother with
making their password more strong, neither report it somewhere. If I
was an inactive sysop and I received a message that someone has done
500 000 login attempts over night, I would likely ask some bureaucrat
to remove my sysop flag, since I don't even need it.
Many people would complain that wikipedia is spamming them... and do
nothing.
Note that there's no way to stop an ip from trying to login.
I think login failures are aggregated in some server, the sysadmins
should be able to detect from there a bruteforce attempt and ban the ips
at the squids. I don't know if there's such alarm implemented, though.
_______________________________________________
Wikitech-l mailing list
Wikitech-l(a)lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikitech-l