Quote:
Originally Posted by Doctor Dre
P.S. About anybody that says stolen password traffic is useless: you are WRONG! Spyware and dialers and stuff like that always work fine ;)
|
How can you tell what is stolen pass traffic from paying client traffic? The fastest way to destroy your reputation.
Quote:
Originally Posted by subVERSION
Not that I'm on the enemy's side.
But.... NONE of you gentlemen have even come close to giving as complete of an intelligent response as he's been.
Even if he couldn't really do what he's saying.
This mutherfucker knows how to market his services.
Job well done.
And FYI, What he's saying is quite possible. No doubt about that.
|
You are correct signore. Negative response people either do not own paysites or are ignorant surfers searching for acceptance.
Quote:
Originally Posted by shap
Think again. I have absolutely no doubt about that one. I've seen it happen.
|
Eccellente signore Shap, he knows this industry.
http://www.gofuckyourself.com/showth...72#post8541672
http://www.gofuckyourself.com/showth...82#post8541682
http://www.gofuckyourself.com/showth...87#post8541687
Quote:
Originally Posted by Due
Didn't read it all.
But an easy fix could be making logins PHP based with sessions and cookie verification.
Before your user / pass match function put
<?php
sleep(1); // fixed one-second delay before every credential check
?>
In case of failed user pass put:
<?php
sleep(5); // extra five-second delay after a failed check
?>
In case of a visitor coming through a proxy, put an extra function that requires image verification.
It will take 1 second to login if you enter a successful user / pass, and 6 seconds before you get a response if you enter a wrong combination.
To make it more complicated you can additionally set PHP to return random apache headers.
It won't stop hacking completely, but slow down the process so it will hardly be worth the effort.
PHP w session / cookie based authorization can also be used as regular htaccess returning "200 OK" login for all requests, but only showing the actual content for people that made a match.
|
Bravo signore! In reality, many paysites implement those security features. To no avail do they work. Skeptical of my claims? May I introduce you to sites that offer better coded security than your example.
Strongbox defeated!
teentopanga proxy block & OCR (image) log-on defeated.
New page to stop hackers? Let's see how their security works.
Doesn't seem their new security page stops hackers. Defeated!
Gaining unauthorized access is a challenge. Most programmers today are old school coders. They do not respect or realize the know-how of today's crackers. Deluxpass was mis-advised thinking automatically generated numerical users & passes would defeat us. Deluxpass learned a hard & costly lesson. Reviewing the prices of Strongbox are ridiculous. You can have the best security possible on your site. If your billing company is weak, your site is weak. It's not only your billing company, google and msn spiders tear you a new hole.
Some billing companies require the client to use their email addy as their user. Many use their email addy pass as the site pass. We check for that error in judgement and have 1000's of stolen email addresses. We use those email addresses to register on places like GFY. Not only is your site security breached, so are your clients' email addresses. Some accounts hold interesting data from other sources.
We keep our message board secure. Only .edu email addresses are accepted. University students will not report us over the chance their future careers could be jeopardized. Furthermore, some of their fellow university students code for us. Wouldn't be healthy for them to be a hero. It's a constant rotation of college students. Each graduating class is replaced with freshmen. Replacement includes word of mouth which adds new universities each fall.
Some mentioned the ugly word extortion. Signore, we do not want your $$. We make more $$ off your members area than you can pay us.
Grande rispetto signore Shap & subVERSION!
Bravo the porn industry, bravo!
Ciao bella
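The delay-on-failure login from Due's quoted suggestion, written out as an added example (not code from the thread). It goes beyond the quoted snippet by counting failures per client IP and per account before demanding image verification; the function names, thresholds and sample data are assumptions.

```php
<?php
declare(strict_types=1);
// Added example, not code from the thread; names and thresholds are assumptions.
const BASE_DELAY = 1;   // seconds before every check (value from the quoted post)
const FAIL_DELAY = 5;   // extra seconds after a failure (value from the quoted post)
const MAX_FAILS  = 5;   // assumed: failures allowed before image verification
const WINDOW     = 900; // assumed: look-back window in seconds

// Count recent failures for a key (client IP or account), dropping expired ones.
function recent_failures(array &$log, string $key, int $now): int {
    $log[$key] = array_values(array_filter(
        $log[$key] ?? [],
        fn(int $t): bool => $t > $now - WINDOW
    ));
    return count($log[$key]);
}

// Returns 'ok', 'denied' or 'challenge' (caller must show image verification).
function attempt_login(array $users, array &$log, string $ip, string $user,
                       string $pass, callable $delay, int $now): string {
    // Track per account as well as per IP: guesses spread over proxies hit one account.
    if (recent_failures($log, "ip:$ip", $now) >= MAX_FAILS
        || recent_failures($log, "user:$user", $now) >= MAX_FAILS) {
        return 'challenge';
    }
    $delay(BASE_DELAY);
    // Unknown users are checked against a dummy hash so they take as long.
    static $dummy = null;
    $dummy ??= password_hash('dummy', PASSWORD_DEFAULT);
    $known = isset($users[$user]);
    $match = password_verify($pass, $known ? $users[$user] : $dummy);
    if ($known && $match) {
        return 'ok';
    }
    $log["ip:$ip"][] = $now;
    $log["user:$user"][] = $now;
    $delay(FAIL_DELAY);
    return 'denied';
}

// Constructed sample data; delay is injected so the demo does not sleep (pass 'sleep' live).
$users = ['alice' => password_hash('correct horse', PASSWORD_DEFAULT)];
$log = [];
$noDelay = fn(int $s) => null;
foreach (['203.0.113.7', '203.0.113.8', '203.0.113.9'] as $ip) {
    foreach (['guess1', 'guess2'] as $pw) {
        echo "$ip $pw: ", attempt_login($users, $log, $ip, 'alice', $pw, $noDelay, 1000), "\n";
    }
}
```

sleep() holds a PHP worker for the whole delay, so the failure counter, kept in storage shared by all workers, is what bounds the number of guesses rather than the delay itself.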