On 04/04/12 10:47, Petr Bena wrote: > The accounts could be compromised just using a brute force attacks > which would be running for a long time. Since user would never know > their account is being cracked, they would likely never bother with > making their password more strong, neither report it somewhere. If I > was an inactive sysop and I received a message that someone has done > 500 000 login attempts over night, I would likely ask some bureaucrat > to remove my sysop flag, since I don't even need it.
Many people would complain that wikipedia is spamming them... and do nothing. Note that there's no way to stop an ip from trying to login. I think login failures are aggregated in some server, the sysadmins should be able to detect from there a bruteforce attempt and ban the ips at the squids. I don't know if there's such alarm implemented, though. _______________________________________________ Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l