search for: unguess

Does anyone know if there are plans to give sshd the ability to block further login attempts from a particular IP address/block after a set number of failed logins? I'm sure lots of other admins have seen their system logs full of attempts by hackers probing with lists of sample usernames. I know there is a Python script which uses TCP wappers to achieve this by editing

...mlink that has the "${" sequence embedded. Randolph Bentson (bentson@grieg.holmsjoen.com) wrote: > The "link" operation is atomic and fails even for root if the > destination exists. It''s a rather simple matter to create a file in > /tmp with an effectively unguessable name (using /dev/urandom and > other such) before attempting a link to the desired file name. 1) This isn''t as easy for things like shell scripts that need a temporary file. 2) It doesn''t follow the rule "what should be easy actually IS easy". A program that does...

Is it possible to somehow send an email containing the user password if it is stored as a md5 hash in the database? Is it stupid to save the passwords as clear text strings in the db? Its a web shop. A workaround would be to generate a new password and send it to the user. If the user then want to, he may change to another password. Any other thoughts on this? //D -- Posted via

...chroot > system. Chroot protects against nonprivilidged users acessing the > rest of the system, not against root-users. 4. Use inetd.conf and tcp wrappers to enable only certain hosts access to your program's output so the whole world does not get a crack at it. 5. Set up a good unguessable (random) method of authentication so that remote programs can't easily guess the next proper move before you program does something potentially harmful. >>From cryptography: Assume that the adversary knows the mechanism, but >not the passwords/keys. So: Use a password or somethin...