On 4 April 2012 18:19, K. Peachey p858snake@gmail.com wrote:
On Wed, Apr 4, 2012 at 5:54 PM, Petr Bena benapetr@gmail.com wrote: More:
IP addresses which do N bad login attemps should be blocked from accessing login page for Z minutes (You have done too many bad login attempts, please wait 5 minutes before trying again) This would help to avoid bots who try to compromise account by trying random passwords
We already do this, I believe.
I believe it's covered through this: https://www.mediawiki.org/wiki/Manual:$wgPasswordAttemptThrottle