Welcome to Geeklog, Anonymous Monday, December 23 2024 @ 12:11 am EST
Geeklog Forums
Brutus cracker
Profetas
Anonymous
there is some one trying to crack into my site using the brutus cracker. so to minimize the brute force I was looking for the Password time out. is there any configuration in the gl about the time out?
12
7
Quote
Status: offline
Dirk
Site Admin
Admin
Registered: 01/12/02
Posts: 13073
Location:Stuttgart, Germany
There's a speed limit for the requests for new passwords. Is that what you mean?
$_CONF['passwordspeedlimit'] = 300; // seconds = 5 minutes
I'm not familiar with the kind of attack you've mentioned. What is it doing exactly? Trying to guess an account's password?
bye, Dirk
Text Formatted Code
// Password setting: minimum time between two requests for a new password$_CONF['passwordspeedlimit'] = 300; // seconds = 5 minutes
I'm not familiar with the kind of attack you've mentioned. What is it doing exactly? Trying to guess an account's password?
bye, Dirk
9
8
Quote
Profetas
Anonymous
He is using proxy.
I have banned over 20 ip. using my firewall. I wanted to install it to see how it works byt I don't have windows.
I have banned over 20 ip. using my firewall. I wanted to install it to see how it works byt I don't have windows.
7
6
Quote
Status: offline
Turias
Forum User
Full Member
Registered: 10/20/03
Posts: 807
Quote by Profetas: He is using proxy.
I have banned over 20 ip. using my firewall. I wanted to install it to see how it works byt I don't have windows.
I have banned over 20 ip. using my firewall. I wanted to install it to see how it works byt I don't have windows.
Hmmm, if he doesn't have a static ip it makes it difficult to stop him. Your best bet would be to follow exdeath's advice. Create a table listing the time of each attack, the ip used, and the duration of the attack. Then, send this table to the service provider so that they can handle it.
As a precautionary measure, make sure that your admin accounts have long, random passwords with both lowercase and uppercase letters as well as numbers. For example, if your root account has the password: t2U62Mh01d (don't use this one), it would be almost impossible for someone to brute-force their way in using Brutus. Not impossible, but probablitity says it would take many, many years.
5
8
Quote
All times are EST. The time is now 12:11 am.
- Normal Topic
- Sticky Topic
- Locked Topic
- New Post
- Sticky Topic W/ New Post
- Locked Topic W/ New Post
- View Anonymous Posts
- Able to post
- Filtered HTML Allowed
- Censored Content