GoFuckYourself.com - Adult Webmaster Forum - View Single Post

rabbit · 08-01-2003, 04:16 PM

for all the talk of how many sales are lost due to free content on tgps, i find this issue ignored. in the biggest 10 password trading boards, litterally thousands upon thousands of logins are posted every single day.

seriously, i have only seen 3 successful attempts at blocking bruteforce attacks: what hawg is doing:
http://www.shemalemistresses.com/enter_members.php?r=1

so simple, but speaking from experience, it's impossible to crack using the conventional tools (which 85% of all crackers will use)

the other site is overdevelopedamateurs.com- the IP is blocked after 1 unsuccessful attempt for 1 hour. mind you, most attacks are done using an anonymous proxy, but i have never seen this site's passwords traded, even after repeated requests. so it must work

another way is to use a secure login page (https)

those of you using Pennywise must remember you're still leaking bandwidth like crazy. besides, you're not attacking the problem at the root: your passwords still get compromised.

so let me ask: what's stopping all the other guys from implementing something that hawg has done. i'm sure you will save shitload in bandwidth costs, while the sales for those sites will go up as no one will be able to get in for free. i realize smaller sites may not be able to afford something more elaborate, but what's stopping the big guys?

carbon

08-01-2003, 04:16 PM
rabbit Confirmed User Join Date: Jul 2003 Location: Montreal Posts: 2,124	What are you doing to stop bruteforcing for all the talk of how many sales are lost due to free content on tgps, i find this issue ignored. in the biggest 10 password trading boards, litterally thousands upon thousands of logins are posted every single day. seriously, i have only seen 3 successful attempts at blocking bruteforce attacks: what hawg is doing: http://www.shemalemistresses.com/enter_members.php?r=1 so simple, but speaking from experience, it's impossible to crack using the conventional tools (which 85% of all crackers will use) the other site is overdevelopedamateurs.com- the IP is blocked after 1 unsuccessful attempt for 1 hour. mind you, most attacks are done using an anonymous proxy, but i have never seen this site's passwords traded, even after repeated requests. so it must work another way is to use a secure login page (https) those of you using Pennywise must remember you're still leaking bandwidth like crazy. besides, you're not attacking the problem at the root: your passwords still get compromised. so let me ask: what's stopping all the other guys from implementing something that hawg has done. i'm sure you will save shitload in bandwidth costs, while the sales for those sites will go up as no one will be able to get in for free. i realize smaller sites may not be able to afford something more elaborate, but what's stopping the big guys? carbon __________________ Got a paysite? Get it reviewed by RabbitsReviews and TheBestPorn