Simple Machines > News and Updates

Simple Machines Forums attacks

<< < (2/41) > >>

Cal O'Shaw:
Perhaps a silly question... we have password strength at mid.  If we go to High, does that do anything about existing passwords?  I'm assuming new members and members changing their passwords would be held to new level.

Any way to see which users are below specified password strength so we can PM them to change?
Is there a maximum password length (some of my users want to go to the max)?

Grazie,

Cal

b4pjoe:
I've cleared my .htaccess list of IP's and uninstalled the cb|Emailogin. As soon as I did that the attempted logins started immediately. Then I installed Arantor's mod, login_detector.zip and so far I have had no entries in the SMF error log. It's been about 2 hours now and that mod is the only thing I am using to combat the attacks at present.

:

--- Quote from: Cal O'Shaw on February 19, 2011, 05:04:26 PM ---Perhaps a silly question... we have password strength at mid.  If we go to High, does that do anything about existing passwords?  I'm assuming new members and members changing their passwords would be held to new level.
--- End quote ---

Correct.


--- Quote ---Any way to see which users are below specified password strength so we can PM them to change?
--- End quote ---

No. The passwords are hashed and there is no way to determine whether any given password is weak or not, unless you care to brute force their accounts, one by one.


--- Quote ---Is there a maximum password length (some of my users want to go to the max)?
--- End quote ---

I don't believe there is. If there IS, it'll be something like 50 characters.

Kindred:
Changing the password strength requirement will not affect existing users...  And n, there is no w to anaphase the strength of existing users' passwords or force them to change passwords.

Norv:

--- Quote from: Arantor on February 19, 2011, 04:45:05 PM ---Yes, you can force email login, but personally I'd rather stop them at the door from trying to make the fake login in the first place ;)

--- End quote ---

I completely agree actually. The particularity that your last mod targets and your report are under investigation and should definitely be addressed one way or another.
Thank you very much! :)

Navigation

[0] Message Index

[#] Next page

[*] Previous page

Go to full version