On Fri, 6 Sep 2013 08:23:06 +0800
Christopher Meng <cickumqt@xxxxxxxxx> wrote:

> Wow... that would be great. This is the most serious case we should
> care about.
>
> IMHO We should pretend to be "normal" when we meet such case like
> mailman subscribe, but I think we also should notify users when
> $(TIMES) times wrong password entered. $(TIMES) can be set by users,
> after limited times if wrong password comes again we should block the
> IP.
>
> My blog use plugin with my modification:
>
> If attacker has entered wrong password for 1 times(I set it to 1
> because this case is suitable for me), then if attacker tries to
> storm my account for the third time, its IP will be blocked 10000
> mins. So I won't receive too many emails about failed login attempt,
> but I don't know if Fedora Infra wants to support this way...

I dislike lockouts like this because someone can spoof your IP and
block you from logging in.

kevin
_______________________________________________
infrastructure mailing list
infrastructure@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/infrastructure
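The lockout policy described in the quoted message and the side effect raised in the reply, as an added Python example that is not from either poster or from Fedora Infrastructure. The class name, the address (taken from a documentation range) and the injected clock are assumptions made for the example.

```python
import time


class IpLockout:
    """Notify after `times` wrong passwords from an IP; block the IP on the next one."""

    def __init__(self, times=3, block_minutes=10000, clock=time.time):
        self.times = times                    # the $(TIMES) threshold from the thread
        self.block_seconds = block_minutes * 60
        self.clock = clock                    # injectable so the demo needs no sleeping
        self.failures = {}                    # ip -> consecutive wrong passwords
        self.blocked_until = {}               # ip -> timestamp when the block ends
        self.notifications = []               # (ip, failure count) sent to the user

    def attempt(self, ip, password_ok):
        now = self.clock()
        if self.blocked_until.get(ip, 0) > now:
            # The block is keyed on the address alone, so a correct
            # password arriving from it is rejected without being checked.
            return "blocked"
        if password_ok:
            self.failures.pop(ip, None)
            return "ok"
        count = self.failures[ip] = self.failures.get(ip, 0) + 1
        if count == self.times:
            self.notifications.append((ip, count))
        elif count > self.times:
            self.blocked_until[ip] = now + self.block_seconds
            self.failures.pop(ip, None)
            return "blocked"
        return "failed"


def demo():
    now = [0.0]                               # constructed clock, in seconds
    policy = IpLockout(times=2, block_minutes=10000, clock=lambda: now[0])
    ip = "203.0.113.7"                        # constructed sample address
    # Three wrong passwords attributed to this address.
    results = [policy.attempt(ip, False) for _ in range(3)]
    # The account owner, at the same address, with the right password.
    results.append(policy.attempt(ip, True))
    # Only once the 10000 minutes have passed does the owner get in.
    now[0] += 10000 * 60
    results.append(policy.attempt(ip, True))
    return results, policy.notifications


if __name__ == "__main__":
    print(demo())
```
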