On 1/31/2014 3:58 PM, Alex Mestiashvili wrote:
I have to agree with you here, Raffaele. While it's nice to talk
about users and 20 character random keys, the fact of the matter is,
they aren't used by the vast majority of users. In many cases, even
those who *should* know better don't do it.
Sure, you could require a 20 character random key on your site - but
you won't get many people to sign up. Rather than try to remember
such a password, most people will just move on.
There are other tools too, for example pam-abl [0], which imho makes a
brute force almost useless unless there is a distributed brute force...
[0] http://sourceforge.net/projects/pam-abl/
Regards,
Alex
Alex,
Yes, I'm familiar with the tools, but any halfway serious hacker will
have at his/her disposal a bunch of proxies around the world; the
*really* serious ones will have spread malware and have tens of
thousands (or more) zombie machines available.
For three days I had someone trying to break into my Exim system; they
didn't get anywhere because they were blocked almost as soon as they
tried. But they just switched to another proxy and tried again.
It's a never-ending battle.
Jerry
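
Added example (not part of either message, and not code from pam-abl or Exim): the proxy-switching pattern described above, where counting failures per source address flags nothing while counting per targeted account does. The log format, account names, thresholds and addresses are constructed assumptions for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample data in a simplified, assumed format (not real Exim or
# PAM output): "<ISO time> FAIL user=<name> src=<ip>". One account is tried
# twice from each of five sources (documentation address ranges).
SOURCES = ["192.0.2.10", "198.51.100.7", "203.0.113.44", "192.0.2.99", "198.51.100.23"]
START = datetime(2014, 1, 28, 10, 0, 0)
SAMPLE_LOG = [
    f"{(START + timedelta(minutes=2 * i + j)).isoformat()} FAIL user=jerry src={ip}"
    for i, ip in enumerate(SOURCES) for j in range(2)
]
# One ordinary typo by a legitimate user, which neither rule should flag.
SAMPLE_LOG.append("2014-01-28T10:03:30 FAIL user=alex src=203.0.113.200")

def parse(lines):
    """Return (time, user, source) tuples sorted by time; skip malformed lines."""
    events = []
    for line in lines:
        parts = line.split()
        if len(parts) != 4 or parts[1] != "FAIL":
            continue
        fields = dict(p.split("=", 1) for p in parts[2:] if "=" in p)
        if "user" in fields and "src" in fields:
            events.append((datetime.fromisoformat(parts[0]), fields["user"], fields["src"]))
    return sorted(events)

def flagged(events, key_index, limit, window):
    """Return keys with at least `limit` failures inside any sliding `window`."""
    recent = defaultdict(deque)
    hits = set()
    for event in events:
        key, now = event[key_index], event[0]
        times = recent[key]
        times.append(now)
        while now - times[0] > window:   # drop failures older than the window
            times.popleft()
        if len(times) >= limit:
            hits.add(key)
    return hits

EVENTS = parse(SAMPLE_LOG)
WINDOW = timedelta(hours=1)
PER_HOST = flagged(EVENTS, key_index=2, limit=3, window=WINDOW)  # by source address
PER_USER = flagged(EVENTS, key_index=1, limit=5, window=WINDOW)  # by targeted account

if __name__ == "__main__":
    print("flagged sources:", sorted(PER_HOST))
    print("flagged accounts:", sorted(PER_USER))
```

Locking an account on a per-account flag lets an attacker lock out its owner, so such a flag is better suited to alerting or to requiring an extra authentication step.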