724 login attempts from 125 IP ranges in 30 countries
 

Yeah Strongbox

Not 1 made it in :)

Question for you: If one of the attempts was successful, wouldn't you not know about it?

WOOT WOOT strong box :)

:P:winkwink:

someone shared a password?

na, it was probably a simple program with proxies used to find weak passes :2 cents:

If it was, 724 attempts is pretty pathetic. :P

Welp -- check the torrent sites for those site rips :)

RUP's are a mostly what stops BF

I remember once when I worked for a sponsor and we had someone trying to bruteforce a site, i set the invalid login page to a jpg file that causes internet explorer to use a shitload of ram. I guess whatever program he was using was using internet explorer in some way, because it stopped almost instantly after.

Actually, yes, I would :)

I'm just curious as I don't know that software inside out...


If the bad guy is using a new proxy(new ip address) and is able to login in 1 attempt, how can you know that has malicious intent and is a bad guy?


Of course in your logs you'll see all the ips that did connect successfully, but you probably can't identify him.

Now if you're getting hammered by dictionnary attacks or brute force even if the guy is using a proxy list... of course it's gonna figure it out...

Those strongbox captcha´s are crackable by school girls..
All it takes is a good wordlist..

And yet it works so well...

Captcha hacks don't work off wordlists you fuckin newb.

and if your password/username can be cracked by a wordlist you need to stop having control over ANYTHING that requires a login..

cause yer an idiot.

From: http://cxliv.org/2006/04/05/password_cracking_speed.php

Using this as our guideline, a 6 character password using the 62 characters possible from upper- and lower-case letters and numbers will produce 57 billion possibilities, and according to this site, Class D hardware can exhaust every such possibility in just 1.5 hours. That's not long. Add common symbols to that mix (increasing the possible characters to 96) and you increase the combinations to 782 billion (for the same 6-character length), meaning the same hardware will take slightly longer to go through all iterations: 22 hours.

Increasing the length of your password makes it more difficult - an 8 character password drawn from the pool of 62 possible characters (letters and numbers) means that there are 218 trillion possibilities, which would require the same hardware a whopping 253 days to process. Meanwhile, using the 96 possible characters that include common symbols would take 23 years on that same hardware!

Takes a whole lot longer when it has to work out the user and the pass, i think the example there is username known, password not.

You just need to crack the "username"
http://www.threadwatch.org/node/14095
In PC Magazine's upcoming May 8th issue they list the 10 most commonly used passwords online - if you are using any of these please turn off your computer immediately, go take a nap and then download this add-on for FireFox

1. password
2. 123456
3. qwerty
4. abc123
5. letmein
6. monkey
7. myspace1
8. password1
9. blink182
10. (your first name)

Like you had a clue..
On Strongbox they work like this.. Google -> Caecus...

sure, but who in adult lets a person choose their own user/pass nowadays...dont tell me I'm sure way too many do.