Quote:
> It's not the members that are the problem! It's the non-stop hacking that goes on. I have software that kills the passwords but they can suck a ton of BW in the 10 or so minutes they are working.

Strongbox now has some new functionality to even take
care of those first few people who log in pretty effectively.
Also the unique approach used by Strongbox is able
to more effectively stop the dictionary attacks that reveal
the passwords in the first place. You don't have to detect
that a password was compromised if you can prevent
it from ever being compromised in the first place.
If you choose to use the Turing image with Strongbox
that pretty much eliminates brute force and dictionary attacks.
In fact most potential attackers will see the Turing image
and not even TRY the attack. That's a very important
point because even an unsuccessful attack can put a serious
strain on your server, to the point where legitimate
customers cannot connect.
The other new techniques for stopping the initial
burst of bandwidth use and preventing password
compromise in the first place are brand new - Kevin
and the other happy Strongbox users who posted
don't have the very newest features.
Kevin suggested that I chime in here and comment
on the differences between Strongbox and the
old fashioned mod_auth Band-Aid "count the IPs"
scripts such as PennyWize and ProxyPass.
As tempting as it may be to go off on a long rant
about the folly of trying to patch up the purposely
insecure mod_auth password system, I don't
like to "run down" other people's products in a
public forum. Unfortunately any detailed comparison
would, I'm afraid, end up being a discourse on
why the approach used by PennyWize and ProxyPass
is almost completely ineffective. By the way, if
you're reading this and thinking "it works pretty
well for me, it caught a compromised just yesterday",
then you measure effectiveness differently than
I do - I'd be thinking about the 12 passwords
it failed to catch rather than the 1 that it did.
What I can say about differences without feeling
like I'm talking shit about someone else's work
is that we built a system designed to be maximally
effective because our clients needed something
far more effective than the old fashioned approach.
We were willing to sacrifice a lot to achieve that
goal. In the end, we didn't have to sacrifice as much
as we thought we would, but we did have to
sacrifice ease of installation, so we have to install
it for you. On one point we also had to sacrifice a bit
of portability to make a much more effective
solution - about 95% of web hosts can support
the settings that Strongbox needs, but 5% will not.
ProxyPass may be able to run on more servers
(if it doesn't require non-standard modules),
but I decided to pay that small price to create
a FAR more effective solution.
Oh, and yeah, I have multi site discounts up
to 90% off.