"Account is now blocked"

Posted: Fri Jan 21, 2011 17:40
by vtec
A couple of days ago, the number of spam bots trying to log in to our forum increased dramatically.
They weren't doing anything too advanced - they were simply trying to brute force users' passwords using the most common passwords people use, such as "password", "username123", "fuckyou" ;) etc.

Our forum has a security mod which detects multiple failed logon attempts. In that case it blocks an account for 10 minutes and sends an email: "Account is now blocked".
If you have a "strong" password there is nothing to worry about.

Here are some principles for setting a good password (by David Harley):
● Embed control characters or non-alphanumeric symbols such as digits, punctuation marks and symbols (where the system allows this).
● Misspell (but consistently!) "Dis passéfrase 1s kwite gud bot wd b betr wiv sum #s & karakters that r nut alfan00meric."
● Unorthodox caPitaliZation
● Use a personally significant acronym, e.g., ICRMFPW (I Can't Remember My Friendly Password)
● Link together two words, possibly with a symbol as a delimiter, e.g., egG^rIbBoN.
● Replace letters with digits or equivalent characters, and words with abbreviations, e.g., BunZ4T, NeWz@10.
● Interleave two words, e.g., RmAaInN.
● Interleave a word with a numeric string, e.g., f9L7a0s8H.
● Don't use the same password on several machines.
So, everything is under control :)
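
The lockout behaviour described in the post above, sketched as an added example that is not part of the original post and is not the forum mod's own code. Only the 10-minute block and the e-mail subject come from the post; the failure threshold, the failure window and the names `LoginGuard` and `simulate` are assumptions.

```python
import time

LOCKOUT_SECONDS = 10 * 60  # from the post: account is blocked for 10 minutes
MAX_FAILURES = 5           # assumption: the post gives no threshold
FAILURE_WINDOW = 15 * 60   # assumption: older failures are forgotten

class LoginGuard:
    # Per-account failed-login counter with a temporary block.
    def __init__(self, notify, clock=time.time):
        self.notify = notify      # callback(username, subject), e.g. e-mail
        self.clock = clock        # injectable so tests control time
        self.failures = {}        # username -> failure timestamps
        self.blocked_until = {}   # username -> unblock time

    def is_blocked(self, username):
        until = self.blocked_until.get(username)
        if until is None:
            return False
        if self.clock() >= until:  # block expired: start fresh
            del self.blocked_until[username]
            self.failures.pop(username, None)
            return False
        return True

    def attempt(self, username, password_ok):
        """Return 'ok', 'failed' or 'blocked' for one login attempt."""
        if self.is_blocked(username):
            return "blocked"       # even a correct password is refused
        if password_ok:
            self.failures.pop(username, None)
            return "ok"
        now = self.clock()
        recent = [t for t in self.failures.get(username, [])
                  if now - t < FAILURE_WINDOW] + [now]
        self.failures[username] = recent
        if len(recent) >= MAX_FAILURES:
            self.blocked_until[username] = now + LOCKOUT_SECONDS
            self.notify(username, "Account is now blocked")
            return "blocked"
        return "failed"

def simulate():
    """Constructed scenario: repeated wrong guesses against one account."""
    now, mails = [0.0], []
    guard = LoginGuard(lambda u, s: mails.append((u, s)), lambda: now[0])
    results = [guard.attempt("alice", False) for _ in range(MAX_FAILURES)]
    now[0] = 60                    # owner logs in a minute later, during the block
    results.append(guard.attempt("alice", True))
    now[0] = LOCKOUT_SECONDS       # ten minutes after the block started
    results.append(guard.attempt("alice", True))
    return results, mails
```

Because the block is keyed on the account name, the account owner is locked out together with the bot, which is why the block is temporary and the owner gets a notification.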

Posted: Sat Jan 22, 2011 02:46
by Chuckwagon
Thank you Vtec,

Sage advice!

Posted: Sat Jan 22, 2011 17:26
by Maz
That explains it, thanks Vtec. :grin: