
Brute-force and dictionary password guessing

Posted: 2016-11-17, 09:16
by John connor
There's an easy solution. CIDRAM and Ninjafirewall. I know the CIDRAM author and he's implementing a front end right now that will make updating easier.

Re: Brute-force and dictionary password guessing

Posted: 2016-11-17, 11:31
by Moonchild
Not sure what you're trying to say here. The forum has measures in place for repeatedly incorrectly entered passwords.
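
The post above says the forum throttles repeated wrong passwords but does not say how. The following is an added example of such a measure, not the forum's own code (the page does not describe its mechanism): a login throttle that keeps one failure counter per account and one per source IP, so that guessing one account from many hosts and spraying many accounts from one host are both caught. The account store, clock and addresses are constructed for the demo.

```python
"""Login-attempt throttle with per-account and per-source-IP lockout.

Added example; not the forum software's own mechanism. Both counters are kept
because a distributed attack (one account, many IPs) defeats an IP-only limit,
and a spray (many accounts, one IP) defeats an account-only limit.
"""
import time
from collections import defaultdict

MAX_FAILURES = 5      # failures allowed inside WINDOW before a key locks
WINDOW = 15 * 60      # seconds over which failures are counted
LOCKOUT = 15 * 60     # seconds a locked key stays locked


class LoginThrottle:
    def __init__(self, clock=time.time):
        self.clock = clock                  # injectable clock for testing
        self.failures = defaultdict(list)   # key -> timestamps of recent failures
        self.locked_until = {}              # key -> time the lock expires

    @staticmethod
    def _keys(username, ip):
        # Two independent keys; either one locking refuses the attempt.
        return (("user", username.lower()), ("ip", ip))

    def is_locked(self, username, ip):
        now = self.clock()
        return any(self.locked_until.get(k, 0) > now for k in self._keys(username, ip))

    def record_failure(self, username, ip):
        now = self.clock()
        for k in self._keys(username, ip):
            recent = [t for t in self.failures[k] if now - t < WINDOW]
            recent.append(now)
            self.failures[k] = recent
            if len(recent) >= MAX_FAILURES:
                self.locked_until[k] = now + LOCKOUT

    def record_success(self, username, ip):
        # Only the account counter is cleared. Clearing the IP counter too would
        # let an attacker who owns one valid account reset their IP's budget.
        self.failures.pop(("user", username.lower()), None)


def attempt_login(throttle, verify, username, password, ip):
    """Return 'locked', 'ok' or 'bad'. The lock check runs before the password
    check so a locked key never reaches the verifier at all."""
    if throttle.is_locked(username, ip):
        return "locked"
    if verify(username, password):
        throttle.record_success(username, ip)
        return "ok"
    throttle.record_failure(username, ip)
    return "bad"


def demo():
    """Distributed guessing of one account from five constructed IPs."""
    clock = [1000.0]
    throttle = LoginThrottle(clock=lambda: clock[0])
    # Constructed account store; a real site compares password hashes.
    accounts = {"moonchild": "correct horse battery staple"}
    verify = lambda u, p: accounts.get(u) == p

    results = []
    for i in range(5):   # five wrong guesses, each from a different IP
        results.append(attempt_login(throttle, verify, "moonchild", f"guess{i}", f"198.51.100.{i}"))
    # Sixth attempt uses the right password from a fresh IP: still refused,
    # because the per-account key is locked.
    results.append(attempt_login(throttle, verify, "moonchild", accounts["moonchild"], "198.51.100.99"))
    clock[0] += LOCKOUT + 1   # wait out the lockout
    results.append(attempt_login(throttle, verify, "moonchild", accounts["moonchild"], "198.51.100.99"))
    return results   # ['bad', 'bad', 'bad', 'bad', 'bad', 'locked', 'ok']


if __name__ == "__main__":
    print(demo())
```

Note that a lockout keyed on the account alone is itself a denial-of-service lever (anyone can lock a known username), which is why the window and lockout here are short and the IP key exists alongside it rather than replacing it.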

Re: Brute-force and dictionary password guessing

Posted: 2016-11-18, 03:57
by John connor
Point I was making is to have a WAF at least. I use a WAF and block many hosters from connecting to my site. This cuts down on the bots and CIDRAM does this. I'm sure you have a WAF, but I bet you're open to bots. Which means scraping could also occur.

Re: Brute-force and dictionary password guessing

Posted: 2016-11-18, 08:05
by Moonchild
Of course we're open to bots and content scrapers. That's perfectly fine for the forum and actually desired, so it actually can be indexed in search engines. Known bots are given specific access to make this easier, in fact.
In addition, we allow people using servers to visit through relays and read the forum (although e.g. tor exits are limited in what they can do). We don't want to block access from server IPs.

Re: Brute-force and dictionary password guessing

Posted: 2016-11-18, 09:59
by John connor
Okay. Yeah, I noticed it's been a real PITA sometimes for me to get SEO since I block so many web hosts. Amazon, Azure, Digital Ocean, you name it. All are blocked. I have a ton of ASNs. :lol: Of course Google, Bing and Yahoo are allowed. Content scrapers though could be an issue. I'm a member at Anandtech and they got scraped and there are webpages that look like Anandtech. Enter your password there and it is now theirs. So that could be an issue. Plus, I wouldn't want my blog and forum content on someone else's webpage.

I also block web hosts because of bots that look for weaknesses in your server. I've seen them do this and get 404ed.

I've always been of the opinion that there was no real good reason for a server to connect to a server. A lot of them are content scrapers, spammers and hack bots. I've actually seen Azure try to get into my home network. Amazon and Azure have to be the worst offenders I've seen, including China.

Re: Brute-force and dictionary password guessing

Posted: 2016-11-18, 10:36
by Moonchild
Rest assured that any abusive level of scraping will be automatically halted.
In general, all content on the forum is CC-BY-SA licensed (see https://www.palemoon.org/licensing.shtml, Web Content), so it's fine for other sites to adopt its content if they wish to do so.