[WikiEN-l] Please change your passwords.

Jake Nelson duskwave at gmail.com
Mon May 7 20:49:59 UTC 2007


On 5/7/07, Steve Summit <scs at eskimo.com> wrote:
> detect repeated login failures and (a) lock out the account,

Which makes it trivial for someone with no account and no password to
any account to effectively block all admins.

> (b) slow way down,

Doable.

> and/or (c) notify the (real) user.

Who doesn't have any ability to affect the login failures, or likely
know where they're coming from, and you just spam them...

IP-based throttles and restricting the same IP from connecting to
multiple different accounts are the main things that come to mind...
how that works with the massively shared IPs (like those country-wide
gateways) is another question. I can think of some ways that might
deal with it, but the technical detail gets a little complex.

-- Jake Nelson
[[en:User:Jake Nelson]]
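The IP-keyed approach from the message above, as an added example that is not part of the original post: failures are counted per source IP, delays grow with repeated failures, and one IP is refused once it has failed against several different accounts, while no account is ever locked. The class name and all thresholds are assumptions, and the shared-gateway case the message leaves open is not handled.

```python
from collections import defaultdict, deque

# All thresholds are assumed values for illustration.
WINDOW = 600         # seconds of failure history kept per IP
MAX_ACCOUNTS = 3     # distinct accounts one IP may fail against in WINDOW
FREE_FAILURES = 3    # failures tolerated before any delay is imposed
MAX_DELAY = 300      # upper bound on the imposed delay, in seconds


class IPLoginThrottle:
    """Throttle keyed on source IP only; no account is ever locked out."""

    def __init__(self):
        self._failures = defaultdict(deque)  # ip -> deque of (time, account)

    def _recent(self, ip, now):
        q = self._failures[ip]
        while q and now - q[0][0] >= WINDOW:  # drop entries outside window
            q.popleft()
        return q

    def record_failure(self, ip, account, now):
        self._recent(ip, now).append((now, account))

    def check(self, ip, account, now):
        """Return (allowed, retry_after_seconds) for an attempt from ip."""
        q = self._recent(ip, now)
        if not q:
            del self._failures[ip]  # keep the table from growing unbounded
            return True, 0
        accounts = {a for _, a in q}
        if account not in accounts and len(accounts) >= MAX_ACCOUNTS:
            # One IP trying many accounts: refuse new targets until the
            # oldest failure ages out of the window.
            return False, WINDOW - (now - q[0][0])
        if len(q) <= FREE_FAILURES:
            return True, 0
        # "Slow way down": delay doubles with each failure past the free ones.
        delay = min(MAX_DELAY, 2 ** (len(q) - FREE_FAILURES))
        wait = q[-1][0] + delay - now
        return wait <= 0, max(0, wait)
```

Because the state is keyed on the IP, failures from one address never affect a login to the same account from a different address.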


