Add protection against brute force hacks - we're at risk at the moment
I just noticed the site has no time-out protection against hackers trying to 'brute force' passwords. This is where they set up an automated script that literally tries every password combination, one after another, thousands per second, until it cracks your password. This puts us all at risk - hackers could be running scripts right now and harvesting users' private messages and personal info right from their inbox. The common fix for this is to allow only three password attempts before locking out an account for an hour - that makes it impractical for hackers to try this method. At the moment, everyone is at risk from this.
We’ve restricted options now so brute-force attacks will not work, and profiles will lock after too many unsuccessful attempts to get in.
1 comment (comments are closed)
Rory Foster commented
Make it something not too small though. Like 20 attempts per hour or something
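The lockout logic discussed in the original post and in the comment above (a failure threshold inside a time window, followed by a temporary lock), as an added example that is not the site's own code. The threshold, window and lock duration are assumptions; the original post's 3-per-hour and the comment's 20-per-hour are both just parameter choices.

```python
from collections import defaultdict, deque
from dataclasses import dataclass, field


@dataclass
class LockoutPolicy:
    """Lock an account after `max_attempts` failed logins within `window`
    seconds; the lock lasts `lockout` seconds. Defaults mirror the post's
    suggestion (3 attempts, 1 hour); all values are assumptions."""
    max_attempts: int = 3
    window: float = 3600.0
    lockout: float = 3600.0
    _failures: dict = field(default_factory=lambda: defaultdict(deque))
    _locked_until: dict = field(default_factory=dict)

    def is_locked(self, user: str, now: float) -> bool:
        until = self._locked_until.get(user)
        if until is None:
            return False
        if now >= until:              # lock expired: clear state, start fresh
            del self._locked_until[user]
            self._failures.pop(user, None)
            return False
        return True

    def record_failure(self, user: str, now: float) -> bool:
        """Record a failed attempt; return True if the account is now locked."""
        if self.is_locked(user, now):
            return True
        q = self._failures[user]
        q.append(now)
        while q and now - q[0] > self.window:   # drop failures outside the window
            q.popleft()
        if len(q) >= self.max_attempts:
            self._locked_until[user] = now + self.lockout
            q.clear()
            return True
        return False

    def record_success(self, user: str) -> None:
        self._failures.pop(user, None)           # a good login resets the counter


def simulate(policy: LockoutPolicy, events) -> list:
    """events: (timestamp, user, password_correct). Returns one outcome per event:
    'locked' (rejected before the password is even checked), 'fail', or 'ok'."""
    out = []
    for t, user, ok in events:
        if policy.is_locked(user, t):
            out.append("locked")
        elif ok:
            policy.record_success(user)
            out.append("ok")
        else:
            out.append("locked" if policy.record_failure(user, t) else "fail")
    return out
```

Note that a lock on the account, as opposed to on the source IP, means anyone who knows a username can lock its owner out by guessing wrong on purpose; that is the reason for the comment's push towards a higher threshold.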