The brute force log-in attempts continue. Lockouts didn’t really help because they’re apparently using a wide selection of IP addresses. I didn’t want to do this, but I’ve added a CAPTCHA to the log-in page. Hopefully it won’t be too annoying. Once again, let me know if there are any problems.

As a “spoonful of sugar” I’ve given it a humorous and relevant word list. For example, the CAPTCHA might be “naked boobs”. Obviously this isn’t terribly secure, but I can’t imagine this is more than a low-effort attack of opportunity, so hopefully that’ll be enough.

    • I’m inclined to assume it’s just a spammer, but you never know, so I don’t want to wait around and find out what happens if they finally get in.

      I have it set up so I get an email after several failed log-in attempts, which at the moment is the most annoying part—I’m getting dozens of them—but I don’t really want to turn that off and miss something serious either.

        • More than almost. In fact I’m counting on it. A CAPTCHA won’t do much good otherwise, will it?

          Just can’t imagine any real person would have the patience to try dozens and dozens of passwords for random users here. This site isn’t remotely a high-value target. But a bot’s time is cheap.

