https://bugzilla.wikimedia.org/show_bug.cgi?id=40496
--- Comment #3 from Chris Steipp <cste...@wikimedia.org> 2012-11-13 16:20:39 UTC --- I agree, this would be a very useful feature, although implementing it needs to be handled carefully. For passwords, you typically either present a captcha, or you introduce an exponentially-increasing delay. To get a handle on the effect, it would be nice to start logging captcha presentations, in addition to the pass/fail logging that we do. That will let us calculate the pass or fail rate of a single IP or User. I suspect that if we throttle based on the pass rate, instead of a static number of requests, that would more accurately block someone brute forcing, while not disrupting edits for users who happen to be behind a proxy with a large number of legitimate users. -- Configure bugmail: https://bugzilla.wikimedia.org/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug. You are on the CC list for the bug. _______________________________________________ Wikibugs-l mailing list Wikibugs-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikibugs-l
