Re: Wiki 2FA

From: Magnus Hagander <magnus(at)hagander(dot)net>
To: "Joshua D(dot) Drake" <jd(at)commandprompt(dot)com>
Cc: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, PostgreSQL WWW Mailing List <pgsql-www(at)postgresql(dot)org>
Subject: Re: Wiki 2FA
Date: 2016-01-24 12:32:30
Message-ID: CABUevEy_bRaGE3CkhcpefjBfhQS2qKz4NYsSWW05azk8XK_xCg@mail.gmail.com
Lists: pgsql-www

On Sun, Jan 24, 2016 at 12:51 AM, Joshua D. Drake <jd(at)commandprompt(dot)com>
wrote:

> On 01/23/2016 03:49 PM, Tom Lane wrote:
>
>> "Joshua D. Drake" <jd(at)commandprompt(dot)com> writes:
>>
>>> On 01/23/2016 03:35 PM, Tom Lane wrote:
>>>
>>>> I doubt it would help much unless we required a 2FA auth cycle for
>>>> every single edit, which I for one wouldn't stand for. Reasonably
>>>> user-friendly policies like one auth a day would still be plenty
>>>> easy for spammers too. (They've got phones too ya know.)
>>>>
>>>
>>> Bummer, o.k. Although it seems that spammers only go after easy targets.
>>>
>>
>> I dunno. I was astonished that they came back a second time after we'd
>> once thrown them off and cleaned up the mess; you'd think they'd realize
>> that that would just happen again. I think it may have been an
>> intentional attack on the PG project as such, not just drive-by spamming.
>> (If so, and if the goal was to complicate our lives, they succeeded.)
>>
>> Or maybe I'm just too paranoid.
>>
>
> Hrm, do we have the IPs that they were coming from? Were they from a
> specific block? Or GEO region? I hate the idea of blocking login from a
> region but it may be an unfortunate reality.
>
>

The majority was from India, but not all. Most of it was from what looked
like typical residential or small business DSL connections. Some also
originated from USA. Those were the only two sources I saw when I looked
back then, but we had a limited number of attempts logged at that time.

--
Magnus Hagander
Me: http://www.hagander.net/
Work: http://www.redpill-linpro.com/
