Brute-force and dictionary password guessing

John connor
Banned user
Posts: 1492
Joined: 2015-01-21, 05:06

Brute-force and dictionary password guessing

Post by John connor » 2016-11-17, 09:16

There's an easy solution. CIDRAM and NinjaFirewall. I know the CIDRAM author and he's implementing a front end right now that will make updating easier.

Moonchild
Pale Moon guru
Posts: 29203
Joined: 2011-08-28, 17:27
Location: Tranås, SE

Re: Brute-force and dictionary password guessing

Post by Moonchild » 2016-11-17, 11:31

Not sure what you're trying to say here. The forum has measures in place for repeatedly incorrectly entered passwords.
"Son, in life you do not fight battles because you expect to win, you fight them merely because they need to be fought." -- Snagglepuss

Re: Brute-force and dictionary password guessing

Post by John connor » 2016-11-18, 03:57

Point I was making is to have a WAF at least. I use a WAF and block many hosters from connecting to my site. This cuts down on the bots and CIDRAM does this. I'm sure you have a WAF, but I bet you're open to bots. Which means scraping could also occur.

Re: Brute-force and dictionary password guessing

Post by Moonchild » 2016-11-18, 08:05

Of course we're open to bots and content scrapers. That's perfectly fine for the forum and actually desired, so it actually can be indexed in search engines. Known bots are given specific access to make this easier, in fact.
In addition, we allow people using servers to visit through relays and read the forum (although e.g. Tor exits are limited in what they can do). We don't want to block access from server IPs.

Re: Brute-force and dictionary password guessing

Post by John connor » 2016-11-18, 09:59

Okay. Yeah, I noticed it's been a real PITA sometimes for me to get SEO since I block so many web hosts. Amazon, Azure, Digital Ocean, you name it. All are blocked. I have a ton of ASNs. :lol: Of course Google, Bing and Yahoo are allowed. Content scrapers though could be an issue. I'm a member at Anandtech and they got scraped and there are webpages that look like Anandtech. Enter your password there and it is now theirs. So that could be an issue. Plus, I wouldn't want my blog and forum content on someone else's webpage.

I also block web hosts because of bots that look for weaknesses in your server. I've seen them do this and get 404ed.

I've always been of the opinion that there was no real good reason for a server to connect to a server. A lot of them are content scrapers, spammers and hack bots. I've actually seen Azure try to get into my home network. Amazon and Azure have to be the worst offenders I've seen including China.

Re: Brute-force and dictionary password guessing

Post by Moonchild » 2016-11-18, 10:36

Rest assured that any abusive level of scraping will be automatically halted.
In general, all content on the forum is CC-BY-SA licensed (see https://www.palemoon.org/licensing.shtml, Web Content), so it's fine for other sites to adopt its content if they wish to do so.
