said by bjlockie:Is 15 random digits enough these days?
Microsoft thinks so, if that tells you anything
I switched to 28 minimum characters on any system/site that will take them.
Just block the IP block from your server entirely since you know the source.