Welcome to the GoFuckYourself.com - Adult Webmaster Forum forums.

Old 05-17-2004, 04:58 PM   #1
angelsofporn
Confirmed User
 
Join Date: Mar 2002
Location: CA
Posts: 3,218
Paysite owners

I need a solution quick. I have tons of passwords hacked on our system every day and it is starting to eat at the bottom line because legitimate subscribers cannot access the accounts they pay for.
We have pennywize in place and it blocks the brute force guys and kills passwords that are being accessed from more than a certain number of subnets in a 24 hour period.
How can I get something like this?
http://members.hardcoretraining.com/?lang=en
This seems to be the way to go.
Old 05-17-2004, 05:10 PM   #2
SlickRick
Confirmed User
 
Join Date: Jan 2003
Location: Kingman AZ
Posts: 2,849
get .htaccess installed
I had the problem, but not really bad with passwords floating around at the crack sites.
Old 05-17-2004, 05:11 PM   #3
Sly_RJ
Live Hard - Die Hard
 
Join Date: Feb 2002
Location: Ready to leave...
Posts: 17,042
Quote:
Originally posted by SlickRick
get .htaccess installed
I had the problem, but not really bad with passwords floating around at the crack sites.

Damn, why didn't we think of that!
__________________
PHAT SERVERS - Quality dedicated hosting at a quality price!
sly AT phatservers DOT com - 147479144
Old 05-17-2004, 05:22 PM   #4
angelsofporn
Confirmed User
 
Join Date: Mar 2002
Location: CA
Posts: 3,218
anyone with a solid idea please post here
Old 05-17-2004, 05:39 PM   #5
notjoe
Confirmed User
 
Join Date: May 2002
Location: Toronto, Canada
Posts: 5,599
Quote:
Originally posted by angelsofporn
anyone with a solid idea please post here

Hit me up on ICQ @ 5956902
Old 05-17-2004, 05:57 PM   #6
doober
Confirmed User
 
Join Date: Jul 2003
Location: in yoOoo kitchen
Posts: 6,984
bizzzump for a good q
Old 05-17-2004, 06:09 PM   #7
crescentx
Confirmed User
 
Join Date: Jun 2003
Posts: 317
ProxyPass does much better than Pennywize, but you still need to keep an eye if they get creative. It does block proxy attacks, and all the usual stuff pennywize does. Make sure your billing processors' software is the latest version. (Which processors?)

-doug
__________________
XYCash International Gay Affiliate Program
Old 05-17-2004, 06:11 PM   #8
lagwagon
Confirmed User
 
Join Date: Jul 2001
Location: az
Posts: 8,464
we have the same problem. after a certain level of members htaccess was crunched. so we set up a mysql db.... but now we are going to switch to generating the user/pass for the customer. this should help a lot against brute force attacks.
__________________

FTVGirls - FTVMilfs - DanielleFTV
Old 05-17-2004, 06:12 PM   #9
PrivateIvy
Confirmed User
 
Join Date: Oct 2003
Location: North Carolina
Posts: 4,257
go with Password Sentry..it's better than Pennywize ...I've used it for 2 years now and wouldn't use anything else !



Ivy
Old 05-17-2004, 06:53 PM   #10
NaughtyAlysha
Confirmed User
 
Join Date: Feb 2002
Location: Tampa Bay, FL
Posts: 1,843
I like that... I'd be interested in something like that for my sites.
__________________


ExtremeBank.com, the EXTREME program for NaughtyAlysha.com.
Old 05-17-2004, 06:56 PM   #11
Hardcore J
Hardcore 4 Life™
 
Join Date: Mar 2003
Location: Everett, WA
Posts: 2,553
As already mentioned proxy pass is the way to go. I used to have pennywize and had a lot of problems, since I got proxy pass I haven't had a single break-in in around 8 months.. with pennywize I was getting 1 a week.

Chris -- before you start randomly generating user/passes you should check out proxy pass.. will save your members a lot of hassle!
Old 05-17-2004, 07:04 PM   #12
tony286
lurker
 
Join Date: Aug 2002
Location: atlanta
Posts: 57,021
We have both password sentry and proxypass (I am a suspenders and belt type of guy). They have both been excellent for us and the password sentry guy is one of the nicest guys in the world.
Old 05-17-2004, 07:10 PM   #13
Sly_RJ
Live Hard - Die Hard
 
Join Date: Feb 2002
Location: Ready to leave...
Posts: 17,042
You guys got a link for Proxy Pass?

Thanks.
__________________
PHAT SERVERS - Quality dedicated hosting at a quality price!
sly AT phatservers DOT com - 147479144
Old 05-17-2004, 07:52 PM   #14
angelsofporn
Confirmed User
 
Join Date: Mar 2002
Location: CA
Posts: 3,218
Quote:
Originally posted by Hardcore J
As already mentioned proxy pass is the way to go. I used to have pennywize and had a lot of problems, since I got proxy pass I haven't had a single break-in in around 8 months.. with pennywize I was getting 1 a week.

Chris -- before you start randomly generating user/passes you should check out proxy pass.. will save your members a lot of hassle!

None is 8 months? shit man..i have 60 hacked every day and i am am mysql and pennywize
Old 05-17-2004, 07:57 PM   #15
angelsofporn
Confirmed User
 
Join Date: Mar 2002
Location: CA
Posts: 3,218
What makes proxypass so much better than pennywize?
Old 05-17-2004, 08:01 PM   #16
Lane
Will code for food...
 
Join Date: Apr 2001
Location: Buckeye, AZ
Posts: 8,496
Quote:
Originally posted by angelsofporn
I need a solution quick. I have tons of passwords hacked on our system every day and it is starting to eat at the bottom line because legitimate subscribers cannot access the accounts they pay for.
We have pennywize in place and it blocks the brute force guys and kills passwords that are being accessed from more than a certain number of subnets in a 24 hour period.
How can I get something like this?
http://members.hardcoretraining.com/?lang=en
This seems to be the way to go.

first you should identify how they get in the first place.

- some of them use bruteforce attacks to guess the logins.
- some of them find a backdoor to insert their own user logins into your user management system.

pennywize is good for detecting multiple uses of the same login but you need a solution that blocks brute force attacks at the server connection level as well, so they don't even get to apache.
__________________
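The two checks discussed in the opening post and in Lane's reply (one login used from many subnets within 24 hours, and one client producing many failed logins), as an added example that is not code from any poster or from the products named in this thread. The thresholds, the log format (Apache common log) and the sample lines are assumptions made for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Apache common log format: host ident user [time] "request" status bytes
LINE = re.compile(r'^(\S+) \S+ (\S+) \[([^\]]+)\] "[^"]*" (\d{3}) \S+')
MAX_SUBNETS = 3    # assumed threshold: distinct /24s per login in 24 h
MAX_FAILURES = 5   # assumed threshold: 401 responses per client IP
WINDOW = timedelta(hours=24)

def parse(line):
    """Return (ip, user, time, status), or None for an unparseable line."""
    m = LINE.match(line)
    if not m:
        return None
    ip, user, ts, status = m.groups()
    when = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
    return ip, user, when, int(status)

def analyze(lines):
    """Return (shared_logins, brute_force_ips) found in the log lines."""
    hits = defaultdict(list)     # user -> [(time, /24 prefix)] for 200s
    failures = defaultdict(int)  # client IP -> 401 count over the whole log
    for ip, user, when, status in filter(None, map(parse, lines)):
        if status == 401:
            failures[ip] += 1
        elif status == 200 and user != "-":
            hits[user].append((when, ip.rsplit(".", 1)[0]))  # IPv4 only
    shared = set()
    for user, events in hits.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Slide the window so it never spans more than 24 hours.
            while events[end][0] - events[start][0] > WINDOW:
                start += 1
            if len({net for _, net in events[start:end + 1]}) > MAX_SUBNETS:
                shared.add(user)
                break
    brute = {ip for ip, n in failures.items() if n > MAX_FAILURES}
    return shared, brute

# Constructed sample log: made-up users, private and documentation addresses.
SAMPLE = (
    [f'10.0.{i}.7 - alice [17/May/2004:1{i}:00:00 +0000] "GET /members/ HTTP/1.0" 200 512' for i in range(4)]
    + [f'10.1.{i}.8 - bob [1{i}/May/2004:09:00:00 +0000] "GET /members/ HTTP/1.0" 200 512' for i in range(4)]
    + [f'203.0.113.9 - user{i} [17/May/2004:12:00:0{i} +0000] "GET /members/ HTTP/1.0" 401 480' for i in range(6)]
)
```

On the sample, `analyze(SAMPLE)` flags `alice` (four subnets in one day) but not `bob` (four subnets spread over four days), and flags the one address that produced six 401 responses.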
Old 05-17-2004, 08:14 PM   #17
TheDoc
Too lazy to set a custom title
 
Join Date: Jul 2001
Location: Currently Incognito
Posts: 13,827
Quote:
Originally posted by angelsofporn
None is 8 months? shit man..i have 60 hacked every day and i am am mysql and pennywize

I use pennywize and have anywhere from 20k-80k log-in attempts daily and I might have one leak a month. On your sign-up forms tell the visitor to use one uppercase and a number in their user/pass.

One small line will save ya tons of trouble.
__________________
~TheDoc - ICQ7765825
It's all disambiguation
Old 05-17-2004, 08:15 PM   #18
angelsofporn
Confirmed User
 
Join Date: Mar 2002
Location: CA
Posts: 3,218
Quote:
Originally posted by Lane
first you should identify how they get in the first place.

- some of them use bruteforce attacks to guess the logins.
- some of them find a backdoor to insert their own user logins into your user management system.

pennywize is good for detecting multiple uses of the same login but you need a solution that blocks brute force attacks at the server connection level as well, so they don't even get to apache.

does proxypass do this better than pennywize?
Old 05-17-2004, 08:16 PM   #19
TheDoc
Too lazy to set a custom title
 
Join Date: Jul 2001
Location: Currently Incognito
Posts: 13,827
Quote:
Originally posted by angelsofporn
does proxypass do this better than pennywize?

Proxypass doesn't do what he is talking about. His is server level and custom coded.
__________________
~TheDoc - ICQ7765825
It's all disambiguation
Old 05-17-2004, 09:01 PM   #20
Lane
Will code for food...
 
Join Date: Apr 2001
Location: Buckeye, AZ
Posts: 8,496
Quote:
Originally posted by angelsofporn
does proxypass do this better than pennywize?

national-net has a custom solution for what i have mentioned, but other than that i haven't looked around for any alternatives
__________________
Old 05-17-2004, 09:36 PM   #21
raymor
Confirmed User
 
Join Date: Oct 2002
Posts: 3,745
Strongbox is a whole new approach that is WAY above and beyond anything like Pennydumb.
Not only does it keep the hurlers from getting in, but it discourages them from even continuing the attack and slowing your server.
It protects from hurlers (brute force attacks), password sites, and various other evils.
Unlike PennyWize, Password Sentry, or other old fashioned approaches, Strongbox is 100% compatible with the latest versions of Microsoft Media Player.
That, and the price is definitely right.
Several of the well known members of this board, TLA's, and GFY use it on all of their pay sites and swear by it.

For more information, see:
http://webmastersguide.com/?htaccess-cgi/strongbox/
__________________
For historical display only. This information is not current:
support@bettercgi.com ICQ 7208627
Strongbox - The next generation in site security
Throttlebox - The next generation in bandwidth control
Clonebox - Backup and disaster recovery on steroids