rswindell authored
signup process would be started without the current client IP address being added to the 'failed login attempt' list. This means that brute force login attempts using SSH or RLogin would usually not be subject to the loginAttempt delays and logging/filtering settings (in sbbs.ini), since the usernames attempted (e.g. root, admin) are usually not valid usernames.

More:
- Log failed password attempts before calling badlogin() - which can delay.
- Stop RLogin and SSH password prompt loop immediately if disconnected.
- Log RLogin and SSH passwords used for invalid usernames (when password logging is enabled in SCFG).
- Log attempted usernames in quotes (so prepended or trailing whitespace is more obvious)
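The gap this commit message describes, as an added example that is not Synchronet's code: a per-IP failure table that either skips or counts attempts against usernames that do not exist. All names here (`table`, `bump`, `failed_login`, `simulate`), the account list and the guessed names are hypothetical and constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

#define MAX_CLIENTS 16

/* Hypothetical per-IP failed-login table; not Synchronet's own data structure. */
static struct { char ip[46]; unsigned count; } table[MAX_CLIENTS];

/* Constructed account list and guessed names for the demonstration. */
static const char *valid_users[] = { "sysop", "guest" };
static const char *guesses[] = { "root", "admin", "admin ", "test", "oracle" };

static int user_exists(const char *name) {
    for (size_t i = 0; i < sizeof valid_users / sizeof *valid_users; i++)
        if (strcmp(valid_users[i], name) == 0) return 1;
    return 0;
}

/* Find or claim the slot for ip, add `add` failures, return the total (0 if full). */
static unsigned bump(const char *ip, unsigned add) {
    for (int i = 0; i < MAX_CLIENTS; i++) {
        if (table[i].ip[0] == '\0')   /* first free slot: claim it */
            snprintf(table[i].ip, sizeof table[i].ip, "%s", ip);
        if (strcmp(table[i].ip, ip) == 0) return table[i].count += add;
    }
    return 0;
}

/* Handle one failed password. count_unknown = 0 models the gap (unknown names
   never reach the list); 1 records every failure regardless of the name. */
unsigned failed_login(const char *ip, const char *user, int count_unknown) {
    /* Log before any throttling delay; the quotes expose stray whitespace. */
    fprintf(stderr, "%s failed login as \"%s\"\n", ip, user);
    return bump(ip, (user_exists(user) || count_unknown) ? 1u : 0u);
}

/* Replay the constructed guesses from one address; return its recorded count. */
unsigned simulate(int count_unknown) {
    memset(table, 0, sizeof table);
    for (size_t i = 0; i < sizeof guesses / sizeof *guesses; i++)
        failed_login("192.0.2.10", guesses[i], count_unknown);
    return bump("192.0.2.10", 0);
}

int main(void) {
    printf("unknown names skipped: %u recorded\n", simulate(0));
    printf("unknown names counted: %u recorded\n", simulate(1));
    return 0;
}
```

With unknown names skipped, the address never accumulates a count, so any delay or filter threshold keyed on that count is never reached.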