|
|
|
Thread Tools | Search this Thread | Rate Thread | Display Modes |
2006-06-08, 09:52 AM | #1 |
WHO IS FONZY!?! Don't they teach you anything at school?
|
PASSWORD SHARING ALERT TO ALL PAYSITE OWNERS!!!
As an affiliate of hundreds of adult websites and owner of 21 paysites of my own, I have to post this password sharing alert to my colleagues, as we all are loosing money.
Fellow paysite webmasters you need to check the following password sharing websites, if not each and every day, at least several times a week, and take action (delete) towards the member account being shared. Before I post the list where one of my paysites was listed which I caught on to after about 10 hours of heavy use, I want to say that I do not have the time/resources to legally pursue the owners of these websites on my own, but I am willing to join a class-action lawsuit. Here is a list of the sites password sharing sites I know of, and feel free to add to this list, thanks! http://www.rawpasswords.com/ http://www.happy-hacker.com/ http://www.ultrapasswords.com/ http://www.passworduniverse.com/ http://www.sexhackers.com/ http://www.loginaccepted.com/ http://www.4passes.com/ http://www.villainess.com/xxxPasswords/21/2006 http://www.xxxpass.se/pass2/2006-05-26-(8635).php http://porno-paroli.sexnarod.ru/topic99976_70.html Note: You may not need to check every single one of the above sites, as it seems most or all usernames and passwords combinations trickle to most or all sites over time. Finally this thread should perhaps be made sticky by the moderators.
__________________
<a href="http://www.AdultSite-Review.com">Adult Web Site Reviews</a> - <a href="https://secure.PayAsYouClick.com/signup.aspx?payc=302373">Pay As You Click - Micro Billing</a> Last edited by AdultsiteReview; 2006-06-08 at 10:28 AM.. |
2006-06-08, 10:22 AM | #2 |
The only guys who wear Hawaiian shirts are gay guys and big fat party animals
Join Date: May 2004
Posts: 171
|
that sucks
__________________
google is bitch |
2006-06-08, 12:52 PM | #3 |
You can now put whatever you want in this space :)
|
ya know, it might be helpful if you posted that some of those sites have trojans embedded on them prior to having someone go to them and see if their members areas are listed....
just a thought spaz |
2006-06-08, 02:04 PM | #4 |
WHO IS FONZY!?! Don't they teach you anything at school?
|
I check every site on the above list every day using the Opera browser and have not had a problem!
__________________
<a href="http://www.AdultSite-Review.com">Adult Web Site Reviews</a> - <a href="https://secure.PayAsYouClick.com/signup.aspx?payc=302373">Pay As You Click - Micro Billing</a> |
2006-06-08, 02:13 PM | #5 |
You can now put whatever you want in this space :)
|
happy-hacker sent my norton's ballistic with a downloader trojan
multipe attempts to install bummer huh, it caught it though spaz |
2006-06-08, 08:26 PM | #6 |
Heh Heh Heh! Lisa! Vampires are make believe, just like elves and gremlins and eskimos!
Join Date: Jan 2006
Posts: 72
|
Don't forget about IRC, newsgroups, etc. Rather then worry about password sharing sites though, you should be worrying about securing your sites. I highly suggest generating your own passwords ( don't let the user pick them ) and install something like StrongBox ( http://www.bettercgi.com/strongbox/ ). Surfers are getting savvy.. it's up to you to keep crackers out.
|
2006-06-09, 02:26 AM | #7 | |
I want to set the record straight - I thought the cop was a prostitute
|
Quote:
Basic paysite 101. Get ProxyPass or StrongBox (they seem to be the top 2) I use ProxyPass. You have to think of password site traffic as free traffic. Don't bitch about it, make money off it. Some of those sites have been around for over 6 or 7 years, maybe longer. Do a search on ultrapasswords, he's probably the most well known. |
|
2006-06-09, 02:31 AM | #8 |
Are you sure this is the Sci-Fi Convention? It's full of nerds!
|
Yup those pass sites and hundreds if not thousands of others have been up since adult started. Take one down, 5 popup in it's spot.
While it's shit traffic, it still converts. And yes, prevention is always better then cure. -N
__________________
The afp ownz all your base. |
2006-06-09, 09:08 AM | #9 | |
You can now put whatever you want in this space :)
|
Quote:
I remember a certain busty site that featured amateurs before its owner 'found god' and got out of the business they used to exploit the password sharing by setting up a fake members area with limited content and give out the passwords to password hacking sites and get them on the upsells to the real members area that was protected like a safe! spaz |
|
2006-06-09, 10:21 AM | #10 | |
Banned
Join Date: Aug 2003
Location: Mohawk, New York
Posts: 19,477
|
Quote:
|
|
2006-06-09, 11:56 AM | #11 | |
I'm normally not a praying man, but if you're up there, please save me Superman!
|
Quote:
__________________
The tendency is to push it as far as you can -- Fear and Loathing In Las Vegas |
|
2006-06-09, 12:46 PM | #12 | |
Banned
Join Date: Aug 2003
Location: Mohawk, New York
Posts: 19,477
|
Quote:
Looking at this, "When a member initially connects to the AOL host complex, the client software receives network configuration information, including the IP addresses for the local system and for the DNS server. The member's IP address is a Dyamically Assigned Hardware Address (DAHA), which is an address that is assigned to a session. Once the session has ended, the address may be reassigned." it looks like the aol user is good until they log off. And even then, "the address may be reassigned". |
|
2006-06-10, 02:23 AM | #13 | |
I want to set the record straight - I thought the cop was a prostitute
|
Quote:
That's exactly part of what proxypass does along with protecting from bruit force attacks. It actually changes the password. You can't stop there though. The real owner of that password needs to be notified of the new password. Finally we have that process automated as well. Otherwise you need to have someone on it 24/7 or you end up with unhappy customers as 99% of shared passwords are not shared by the owner. |
|
2006-06-10, 04:33 AM | #14 | |
Stupid risks make life worth living
|
Quote:
Is it a guess or do you think they use spy software? Iīm not familiar with those problems because I donīt run a pasite yet, but Iīm building one. So itīs an interesting part for me. |
|
2006-06-10, 05:15 AM | #15 |
You tried your best and you failed miserably. The lesson is 'never try'
|
Guys, Htacces passwords are "quite" easily gathered with Accessdiver(.com). With a good wordlist and weak passwords is easy to find some passes.
I would advise every paysite owner to use accessdiver yourself to see for yourself. Best defence would be a (custom) php/cgi/whatever login instead of htacces imo. Or atleast make sure you block IP's that do over 5 attemps in 24 hours or so. Just my 2 cents. |
2006-06-10, 05:42 AM | #16 | |
I'm going to the backseat of my car with the woman I love, and I won't be back for TEN MINUTES
|
Quote:
|
|
2006-06-10, 06:19 AM | #17 | |
You can now put whatever you want in this space :)
|
Quote:
hackers comes along and wants to se your content or show off that he can 'hack' a site all they need is; the right software (extremely easy to get) a descent sized word list your members URL (http://www.yoursite.com/members) authorization failed provies this quickly 5 proxies (again easy to find) you get get literally dozens of working U/Ps in under a minute esp if the site has been around for awhile. New sites are harder to hack like this. spaz |
|
2006-06-10, 06:21 AM | #18 | |
You can now put whatever you want in this space :)
|
Quote:
but i am workin on a buddy christ spaz |
|
2006-06-10, 10:29 AM | #19 |
You can now put whatever you want in this space :)
|
Someone told me he puts up fake member areas on his free sites. He gives them some shitty free content there and links to sponsors. Then he goes to those password sharing boards and posts it as a password to a paysite... according to him he's getting sign-ups that way.
__________________
XLEF |
2006-06-10, 07:25 PM | #20 | |
I want to set the record straight - I thought the cop was a prostitute
|
Quote:
You want to generate them a random pass. Makes it much harder for the hackers and their scripts to guess. They basically try thousands and thousands of user pass combos on your site until they find one that works. Another reason why you want to use something like proxypass. After one IP tries to log in unsuccessfully after so many times it bans that IP for a period of time. Now as far as the old user pass, if someone tries to log in using the shared combination again, you send them to a fake members area. |
|
2006-06-10, 08:26 PM | #21 |
You can now put whatever you want in this space :)
|
Great! A couple of urls I didnt already have there. Thanks for sharing.
|
|
|