[Lazarus] Forum under attack

waldo kitty wkitty42 at windstream.net
Tue Jan 11 18:24:21 CET 2011


On 1/11/2011 12:07, Marc Weustink wrote:
> waldo kitty wrote:
>> On 1/11/2011 08:01, Felipe Monteiro de Carvalho wrote:
>>> On Tue, Jan 11, 2011 at 1:44 PM, Marc
>>> Weustink<marc.weustink at cuperus.nl> wrote:
>>>> There is a plugin that checks new accounts against a known spammers
>>>> database. I'm thinking of adding it.
>>>
>>> The amazing thing is that we already have a image, so they are using
>>> OCR (Optical character recognition)?
>>
>> very likely... they have been making large strides in passing automated
>> captcha...
>>
>>> Maybe harder images would be a solution?
>>
>> that and possibly even special questions that only humans can answer...
>> what forum software is it? my phpBB3 gets beat on daily but no spammers
>> have been successful at getting in... then again, my IDS/IPS also has
>> special rules to detect such attempts and blocks them at the perimeter
>> so they don't beat the forum server to death ;)
>
> This doesn't prevent password guesses.

true but blocking on too many failures does ;)

this is also used for many ftp, telnet, smtp, imap, and pop3 servers, just to 
name a few ;)




More information about the Lazarus mailing list