Limit Login Attempts Plugin

I recently added to my WordPress blog security now that blogs like these are being targeted by botnets. I’ve found a great plugin called “Limit Login Attempts” which allows me to set lockout values to people who try to guess what the ‘admin’ account password is.

First, let’s just say that the level of entropy in my admin accounts is so high that there isn’t enough time left in the Universe to try every combination – but that being said, my values for this plugin would make this a non-issue. I give people 4 attempts to try the ‘admin’ account, after that they are locked out for 1440 minutes, a day. If they are locked out twice, the lockout penalty goes to 720 hours, or a month. There is a 4320-hour span until retries are reset, that’s 6 months.
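An added example, not part of the original post and not the plugin's own code: a small Python model of the lockout values above that counts how many password guesses one IP address actually gets evaluated. It assumes the second lockout is the first long one and that the reset span clears both the retry and the lockout counters; the class, function names and sample IP are hypothetical.

```python
from dataclasses import dataclass

# Values from the post, all converted to minutes.
ALLOWED_RETRIES = 4            # attempts before a lockout
SHORT_LOCKOUT = 1440           # first lockout: one day
LONG_LOCKOUT = 720 * 60        # later lockouts: 720 hours
LOCKOUTS_BEFORE_LONG = 2       # assumption: the 2nd lockout is already long
RESET_AFTER = 4320 * 60        # assumption: clears retries and lockouts


@dataclass
class IpState:
    window_start: int          # minute of the first failure in this window
    failures: int = 0
    lockouts: int = 0
    locked_until: int = 0


class LockoutPolicy:
    def __init__(self):
        self.ips = {}

    def failed_login(self, ip, now):
        """Record a failed login at minute `now`; return what happened."""
        st = self.ips.get(ip)
        if st and now < st.locked_until:
            return "blocked"                       # guess is never checked
        if st is None or now - st.window_start >= RESET_AFTER:
            st = self.ips[ip] = IpState(window_start=now)
        st.failures += 1
        if st.failures < ALLOWED_RETRIES:
            return "counted"
        st.failures = 0                            # retries used up: lock out
        st.lockouts += 1
        is_long = st.lockouts >= LOCKOUTS_BEFORE_LONG
        st.locked_until = now + (LONG_LOCKOUT if is_long else SHORT_LOCKOUT)
        return "locked-long" if is_long else "locked-short"


def guesses_evaluated(horizon_minutes, ip="203.0.113.7"):
    """Guesses that reach the password check when one IP (constructed
    sample address) retries once a minute for `horizon_minutes`."""
    policy = LockoutPolicy()
    return sum(policy.failed_login(ip, t) != "blocked"
               for t in range(horizon_minutes))


if __name__ == "__main__":
    print(guesses_evaluated(RESET_AFTER), "guesses in the 4320-hour span")
```

Under these assumptions a single address that never stops retrying gets 28 guesses evaluated in the six-month span; a botnet spreading guesses over many addresses is counted per IP, so each address gets its own allowance.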

Of course, the filter also captures the IP address, so I’m going to look into getting an IP blacklist plugin and adding these captured IP addresses to that blacklist. They’ll never be allowed to my blog. This line of reasoning led me to think about an immune system for the Internet. If an IP does something wrong, it is blacklisted and that fact is then sent to every other site and they blacklist it as well. One false move and you are suddenly banished from the network. I think this would radically change how people behave online. There would definitely be a lot of noise raised when people are suddenly unable to communicate with any host whatsoever because their systems were filthy, compromised, or malevolent. That would add a certain value of responsibility. It would only be a little bit more to establish a site like Digg where people vote on the malevolence of comment traffic, putting trolls right along with botnets and black-hats, out in the cold, banished where they all belong.

I can smell an RFC forming. 🙂

photo by: katerha

Tent Flapping

Spam wall
Went back and forth just now on the IntenseDebate plugin for WordPress.org. I thought it might be useful and add some features to my blog that would be nice to have, like the After-The-Deadline plugin for comments and such. Everything was going well until I noticed that my Akismet Spam queue was at 74 comments. I tried to open the queue and couldn’t, as IntenseDebate had replaced that part of my blog with its own controls. So, with no way to look at my Akismet Spam queue, I decided that the pros for the IntenseDebate plugin couldn’t compensate for the way it broke my blog when it came to Akismet Spam queue access. So, there was for a brief time a new comment system, and then there wasn’t.

Which doesn’t mean a lot because people aren’t actually commenting on my blog, they are commenting on Facebook. I do get the one-off Twitter retweet or favorite, but that’s it.