Re: understanding the logs
- On 8 November 2011 02:53, Stan Hoeppner <stan@...> wrote:
> On 11/8/2011 1:13 AM, Geert Mak wrote:For password strength, I'm not sure the conventional wisdom of numbers
>> We had a user account hacked (weak password) and our SMTP server was used for sending spam. We discovered it after our mail server IP began to show up in RBLs. We improved the passwords, however the question is how best to watch the server in case a similar thing happens again.
> 1. Create and enforce a minimum password complexity policy, preferably
> on your web based account creation page, something like:
and punctuation are relevant any more. They help when the attacker is
known to you, but password length is a much better indicator of