Mailing List CGatePro@mail.stalker.com Message #92582
From: Stefan Seiz <TalkLists@index-s.de>
Subject: Login Security Setting- was: Re: Speaking of CGP and Spam....
Date: Wed, 12 Sep 2007 14:38:38 +0200
To: CommuniGate Pro Discussions <CGatePro@mail.stalker.com>
On 12.09.2007 14:18 Uhr "Pascal Robert" <probert@os.ca> wrote:

> were  
> suspending account who had 15 failed logins within one minute


Just a Heads up to everyone (given i understand the Documenatation on this
feature correctly):

15 failed logins within 1 Minute will give a cracker 14 tries every 2
minutes AFAIK.
Funny enough, the Time-Setting of this feature not only sets the inteval
used to check the number of "failed logins", but it is also used so set the
suspension period, so in the above case, the account would only be suspended
for one Minute, and then the cracker would have another 14 tries...

It is kind of weird. I'd much prefer if the feature would have 3 parameters
like:

Suspend for [X] Minutes after [X] failed logins within [X] Minutes

Thus, i set my Login Security to X failed logins within 10 Minutes to make
the suspension period a bit longer. I hope, CGP doesn't really wait the full
10 minutes in case it gets X failed logins already during lets say one
minute.

--
Stefan Seiz <http://www.StefanSeiz.com>
Spamto: <bin@imd.net>


Subscribe (FEED) Subscribe (DIGEST) Subscribe (INDEX) Unsubscribe Mail to Listmaster