I just had a thought. In the forums we are required to post our username, server and domain sometimes. So if I want to paralyze a site, could I not just attempt a few logins and thereby lock someone out of their account? Is there a feature to reset via one's email (brute force counter not password) or security question that doesn't otherwise bother the admins?