CodeCanyon

Captcha changes

MrBond
4 posts
  • Bought between 1 and 9 items
  • Canada
  • Has been a member for 2-3 years
MrBond says

falls off chair

1 year ago via ActiveDen |
dgoodlad
13 posts
  • Australia
  • Envato Developer
  • Envato Staff
  • Has been a member for 1-2 years
dgoodlad dev says
Joost said
[...] Then again, I don’t really see the brute-force issue to begin with. As long as the server implements a delay of say 1 or 0.5 second per login attempt (which is hardly noticable for a legitimate user), that would cause as much as a 7 character password to be quite infeasible to crack. Can anyone enlighten me? Or it a parallel request attack that makes this feasible regardless of the millions of required requests? Or would that cause an effect similar to a DDoS and backfire on the attackers?

Instead of thinking about a distributed dictionary attack against a single user trying many passwords, consider an attack against many users trying few simple passwords. Lots of people out there still use trivial passwords, which is what that kind of attack is targeting.

In the case of a distributed attack against many user accounts, it’s very difficult to track and identify malicious login attempts versus legitimate ones. A delay between login attempts doesn’t help with this style off attack either, sadly.

Dave

1 year ago via PhotoDune |
chendo
52 posts Master of the Internets
  • Australia
  • Bought between 10 and 49 items
  • Envato Developer
  • Envato Staff
  • Exclusive Author
  • Grew a moustache for the Envato Movember competition
  • Has been a member for 2-3 years
  • Referred between 1 and 9 users
chendo dev says
dtbaker said
@chendo while ur at it, is it hard to make the “Logout” button kill the users session on ALL marketplaces? not just the one they click logout on?

It’s on the books.

1 year ago via PhotoDune |
DarkstarDesigns
DarkstarDesigns Recent Posts
Threads Started
1959 posts
  • Community Superstar
  • Gold Mo Grower
  • Sold between 5 000 and 10 000 dollars
  • Author was Featured
  • Item was Featured
  • Most Wanted Bounty Winner
  • Featured in a Magazine
  • Author had a Free File of the Month
  • Interviewed on the Envato Notes blog
+8 more
DarkstarDesigns says

They are so hard to read it often take four or so attempts to get it right, they dont need to be so hard!

1 year ago via GraphicRiver |
bitfade
1844 posts
  • Elite Author
  • Sold between 100 000 and 250 000 dollars
  • Author had a File in an Envato Bundle
  • Has been a member for 4-5 years
  • Author had a Free File of the Month
  • Won a Competition
  • Author was Featured
  • Item was Featured
  • Bought between 10 and 49 items
+4 more
bitfade says

1 year ago via ActiveDen |
cloud9communication
cloud9communication Recent Posts
Threads Started
555 posts
  • Bought between 10 and 49 items
  • Exclusive Author
  • Has been a member for 3-4 years
  • Referred between 10 and 49 users
  • Repeatedly Helped protect Envato Marketplaces against copyright violations
  • Sold between 10 000 and 50 000 dollars
cloud9communication says

now its great earlier i had to zoom in my screen to read the CAPTCHA

1 year ago via VideoHive |
Joost
3372 posts
  • Has been a member for 4-5 years
  • Author was Featured
  • Contributed a Tutorial to a Tuts+ Site
  • Netherlands
  • Community Moderator
  • Microlancer Beta Tester
  • Sold between 10 000 and 50 000 dollars
  • Repeatedly Helped protect Envato Marketplaces against copyright violations
  • Exclusive Author
+4 more
Joost moderator says
dgoodlad said
Instead of thinking about a distributed dictionary attack against a single user trying many passwords, consider an attack against many users trying few simple passwords
dtbaker said
if there are 10,000 current password guesses getting fired at the server, then the server has to keep those 10,000 requests open while the delay runs. it wouldn’t really achieve anything with the delay other than putting more load on the server.

Ah, those are interesting viewpoints. Didn’t look at it like that. You’re both absolutely right, and luckily using reCaptcha does indeed solve these issues effectively :) Thanks again for looking after us, devs!

1 year ago via ActiveDen |
no-thumbnail
6 posts
  • Bought between 1 and 9 items
  • Has been a member for 2-3 years
tomato1 says

LOL @9GAG post..I like the changes by the way…

1 year ago via ThemeForest |
MSFX
7343 posts
  • Attended a Community Meetup
  • Community Moderator
  • Has been a member for 5-6 years
  • United Kingdom
  • Contributed a Tutorial to a Tuts+ Site
  • Won a Competition
  • Contributed a Blog Post
  • Beta Tester
  • Bought between 50 and 99 items
+4 more
MSFX moderator says

so i’m logged into AD and when I go to TF i’m logged out… thought this was fixed?

1 year ago via ActiveDen |
studio_21
358 posts
  • Bought between 10 and 49 items
  • Exclusive Author
  • Has been a member for 1-2 years
  • Interviewed on the Envato Notes blog
  • Item was Featured
  • Most Wanted Bounty Winner
  • Romania
  • Sold between 5 000 and 10 000 dollars
studio_21 says

Cool, less annoying.

1 year ago via AudioJungle |

Search forums

Active threads

Private Beta Users, your feedback please! 29 replies, last by Typps 25 minutes ago
Direct Bank Transfer?? 4 replies, last by playnethemes 26 minutes ago
Can I sell with my price? 30 replies, last by ArashFarivar 33 minutes ago
Are your sales numbers off? 15 replies, last by Tean 39 minutes ago
Let's share funny GIF animations 467 replies, last by SeventhQueen 54 minutes ago
[New Features] Rating reminder emails and Email Settings panel 58 replies, last by Enabled 1 hour ago
Yay!-thread 777 replies, last by neeesteea 2 hours ago
by
by
by
by
by