I said it would be opt-in so they wouldn't be spammed unless they would like to be
On Wed, Apr 4, 2012 at 2:36 PM, Platonides Platonides@gmail.com wrote:
On 04/04/12 10:47, Petr Bena wrote:
The accounts could be compromised just using a brute force attacks which would be running for a long time. Since user would never know their account is being cracked, they would likely never bother with making their password more strong, neither report it somewhere. If I was an inactive sysop and I received a message that someone has done 500 000 login attempts over night, I would likely ask some bureaucrat to remove my sysop flag, since I don't even need it.
Many people would complain that wikipedia is spamming them... and do nothing. Note that there's no way to stop an ip from trying to login. I think login failures are aggregated in some server, the sysadmins should be able to detect from there a bruteforce attempt and ban the ips at the squids. I don't know if there's such alarm implemented, though.
Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l