Quote:
Originally Posted by jeffrey
See now this is something I don't get.
Even if the PhantomFrog was just plain text only the first person to try would get in, all following attempts would be blocked.
|
Indeed all of the user names would quickly be blocked and no one could
get in, which is pretty much the subject of this thread. The idea with our
approach is to make sure that they don't get blocked because they don't get out.
You are correct, with a typical Phantom Frog install all the user names would
be blocked. We think it's better if the paying customers are able to log in to
your site.
Quote:
Originally Posted by jeffrey
And you say "normal install" a lot. Please back up your statement.
|
I'm not sure what you mean by "backing up" a reference to a "normal install"
of PF, Pennywize, Proxypass, etc. as opposed to some special installation they
may have done once that's different from the way they normally do things.
As a computer science person, I'm very precise in my language.
We install and develop Strongbox all day every day, we don't spend all that
time looking at the "competition", so I don't know the details of every installation
they've ever done. Therefore I can't say that "Proxypass always ..." or
"Frog always ... ". I can only compare our approach to what others NORMALLY
do. For example Phantom Frog is NORMALLY extremely strict. They normally
focus more than we do on trying to catch every compromised password the
first time, at the expense of accidentally blocking a lot more legitimate members.
We normally use settings that are more geared to making sure that paying
members can get in OK, knowing that the variety of factors we consider will
catch almost all compromised passwords pretty quickly. Strongbox COULD
be set up to be super strict, like Phantom Frog is, and perhaps Frog COULD
be set up to be more lenient, but it's useful to talk about how they are
NORMALLY installed. Thus I say that Phantom Frog will NORMALLY block more
legitimate members in an attempt to block compromised passwords more
quickly than Strongbox NORMALLY does.
Quote:
Originally Posted by jeffrey
Show me the server you have set up for someone to brute force and
give me a couple days.
|
I'll be glad to set up a test server for you and send you that information.
Just shoot me an email and I'll send you some specifics.
You DO intend to try something special that might actually work, right?
This isn't 1996 and a dumb brute force would just be a huge waste of time.
When we posted the $10,000 on the cracker forums we had a couple of
guys claiming they had some exploit they wanted to test out and it later
turned out all they had was a list of 10,000 proxies. PULEAZE! Spreading
requests like that isn't going to get you anywhere close. Most of those will
probably already be in our database which includes hundreds of thousands
of open proxies and any that aren't in the database will be detected by our live
detection. So anyway, yeah, just email me and I'll set it up for you.
Quote:
Originally Posted by jeffrey
I also don't know why your "image verification" is just a rotation of 40 or whatever images, not even a true random image for verification, why is this?
|
There are a lot more than 40 words in our dictionary.
We use words rather than random characters because random
characters are really fucking annoying for the customer.