[update] I've accepted an answer, as lc deserves the bounty due to the well thought-out answer, but sadly, I believe we're stuck with our original worst case scenario: CAPTCHA everyone on purchase attempts of the crap. Short explanation: caching / web farms make it impossible for us to actually track hits, and any workaround (sending ...
I was just reading this post http://stackoverflow.com/questions/549/the-definitive-guide-to-website-authentication-beta#477585 on Preventing Rapid-Fire Login Attempts. Best practice #1: A short time delay that increases with the number of failed attempts, like: 1 failed attempt = no delay 2 failed attempts = 2 sec delay 3 failed ...
I'm writing a VoIP honeypot. Right now, it's listening on a specific port (SIP) for incoming connections. What would you suggest are the most important features it should have in terms of scanning/attack detection and analyzing? I don't think there are many sophisticated attacks out there (yet), so implementing anything beyond DoS/floodi...
With honeypot, i mean more or less this practice: #Register form <style> .hideme{ display:none; visibility: hidden; } </style> <form action="register.php"> Your email: <input type="text" name="u-email" /> Choose a password: <input type="text" name="passwd" /> <div class="hideme"> Please, leave...