Quote:
Originally posted by stevo
Even with pennywize im having trouble with people hacking accounts, even my own personal user/pass was hacked. Everythings chmodded correctly so i dont know whats up or what else to do.
|
Pennywize does the job detecting who's gotten in, but it doesn't do as well preventing them from getting in. Its brute force attack protection algorithm is rather simplistic. In this age of open proxy servers counting an IPs 401 requests against a threshold just doesn't cut it.
Quote:
Originally posted by CheeseFrog
What is special about proxypass that makes it that much more effective than Pennywize or PasswordSentry? Don't they all just keep track of unique IP's that are associated with a given login/pw?
|
That about sums it up, however, different systems track different IP ranges. Pennywize, for example, tracks Class C subnets (ie. 1.1.1.*). Since many larger ISPs own multiple Class C IP blocks unless you set your thresholds rather high, you'll get false positives.
Our own system, PureMember, tracks slightly larger IP ranges so we've set our default threshold to 2 without any problems.
Shinjin
puremember.com