William-Xfactor

What you see there is typical of any password dump/ forum
No point wasting your time trying to close it down they will have several mirrors and will be back up in no time.

You will notice 99 percent of those logins are user defined ?simple to brute-force?
And ?simple to decrypt?

Crackers know that people in general are lazy and use the same passwords for every site they join.

You cannot run a pay site that allows your customers to choose their own logins and not expect to have major password issues.

If your billing company allows random passwords to be assigned to your customers, do it!
And use a good length, I recommend 15 char. That will stop passwords from being brute-forced. Also by having a good length ?say 15 char? even if they exploit your server or a script to locate your password file they will be flat out trying to decrypt it.

All that needs doing then is to install a script like password sentry and that will alert you to any password trading.

Gator

I wouldn't do that. That's a pain in the ass for the customers. The simplest solution is a form login page like this one:

http://www.polishmyhelmet.com/members/

William-Xfactor

Those forms can be brute-forced as well.
There are some very skilled coders on the dark side
Mr. Gator

cayne

that's the world of free porn...but if I take a look at my sign-ups many ppl don't know these kind of links.

__________________
If lesbian anal is wrong, I don't want to be right.

Adam-EB

None of ours there...

__________________
SIG TOO BIG! Maximum 120x60 button and no more than 3 text lines of DEFAULT SIZE and COLOR. Unless your sig is for a GFY top banner sponsor, then you may use a 624x80 instead of a 120x60.

Gator

I'm sure they can, but I still think it's better than using the pop up box login that it much easier to brute force.

William-Xfactor

Yes agreed it is a more secure option, however you?re still inconveniencing your customers by typing in the image content.

We use 15 char random logins, the members get used to it "most people are familiar with copy and paste"

Anyway I?m out for the night
Cheers

Gator

Well the only thing they have to type is the image content because they can save their u/p on the page and not have to type that or copy and paste it.

Anyway, I'm sure your system works well. I was just saying the form login page was simpler than having a user and pass like Ug834nfoGodkt5j/Risjt35Fks53GW.

Desperate Andy

There is always the other side of the coin. From our experience adding more complicated rules for creating the username and password leads to increasing of issues with creating accounts.

And still there're many customers who don't use (or don't know how to use, huh?) copy-paste to insert the info to log-in window.

__________________
Serious Coin Partnership Program: 50+ exclusive niche sites.
Convert your Medical, Lesbian, Nude Sports, BDSM, Femdom, CFNM Fetish traffic!

Matt 26z

If done correctly, yes, this could put an end to brute force. Unfortunately images as simple as they are using can be very easily read by an image reader program.

Goose

wow, that's a fucking huge list!!

__________________
ICQ: 52410619

Mr Dickovitch

I'm surprised they are not shut down yet.