[PLUG] Add gmail like security enhancements to rainloop?
Michael Christopher Robinson
michael at robinson-west.com
Tue Feb 12 04:33:33 UTC 2019
If you try to log into your gmail account on a Linux desktop, it's
typical that you get a text on your smartphone and have to indicate
what secret number you received in that text in your firefox session
on Linux. I think I want that for my CentOS 7 server running rainloop
community edition. First off, how from a Linux server on the Internet
do I text my smartphone via phone number? Second, how do I generate a
random number between 0 and 100 that is different from the last one?
Third, how do I modify rainloop to ask which of three plausible numbers
the secret number is? Is there a better way to toughen up security?
How secret is a text to my smartphone? Are SMS messages interceptable?
If so, how do I secure them so that the secret isn't public knowledge?
Basically, I want to text my smartphone from my CentOS 7 server when I
try to log in to rainloop a secret number and require that number to
complete logging in.
I'm dealing with bots I think dictionary attacking my rainloop server
so they can log on and spam people. I'm not interested in allowing
this to go on and I don't want spammers in my inbox able to steal my
contacts and able to delete messages that I need to see. One approach
to securing my server is to try and track which Internet sources are
valid and block all others, but that's highly inconvenient and
potentially processing intensive. Besides, I want to be able to
legitly log in from nearly random Internet source addresses. I
tend to be in a single geographic area, so if I'm not out of country
I should be able to block anyone who is...
I have a server hosted by Eskimo North in Washington state. I don't
know if that server can SMS my smartphone or not, but if it can I am
interested in trying.
Michael C Robinson
More information about the PLUG
mailing list