[update] I've accepted an answer, as lc deserves the bounty due to the well thought-out answer, but sadly, I believe we're stuck with our original worst case scenario: CAPTCHA everyone on purchase attempts of the crap. Short explanation: caching / web farms make it impossible for us to actually track hits, and any workaround (sending ...
I was just reading this post http://stackoverflow.com/questions/549/the-definitive-guide-to-website-authentication-beta#477585 on Preventing Rapid-Fire Login Attempts.
Best practice #1: A short time delay that increases with the number of failed attempts, like:
1 failed attempt = no delay
2 failed attempts = 2 sec delay
3 failed ...
I'm writing a VoIP honeypot. Right now, it's listening on a specific port (SIP) for incoming connections. What would you suggest are the most important features it should have in terms of scanning/attack detection and analyzing? I don't think there are many sophisticated attacks out there (yet), so implementing anything beyond DoS/floodi...
With honeypot, i mean more or less this practice:
#Register form
<style>
.hideme{
display:none;
visibility: hidden;
}
</style>
<form action="register.php">
Your email: <input type="text" name="u-email" />
Choose a password: <input type="text" name="passwd" />
<div class="hideme">
Please, leave...