Site owners - When do you terminate a member who you think is password sharing? - GoFuckYourself.com

ER!C L!VE · 12-25-2006, 09:52 AM

When you think someone has shared a password, do you email the person first and ask about the issue or do you just terminate him/her? I have strongbox and I can tell when a member has many different IPs have accessed the site. Some I have let slid, others I have flat out terminated. It depends on how I'm feeling that day. However, I really don't want to lose their business as these people could keep rebilling for 6 months as far as I know. Also, I know many of these people use the same login info on multiple sites, so haxorz can access sites using their info without the member knowing. So, what to do?

Thanks in advance!

Eric

Pete-KT · 12-25-2006, 09:54 AM

I let proxxypass block them for 10 days, if they email me and ask why they can't access we tell them why and ask them to change there un and pw, if it gets hacked again after then we know there sharing and leave them blocked

suesheboy · 12-25-2006, 09:54 AM

How many IPS per day - per week?

bopha · 12-25-2006, 09:58 AM

We use software to handle that as well.

ER!C L!VE · 12-25-2006, 10:03 AM

Cool. Thanks. I'll let them know they need to change their username and password and keep an eye on them after that. It varies on the ISPs.. 3-10 in a week or day.

What about the issue of charge backs? Do you refund or have you not had a chargeback issue with password sharing people?

CC · 12-25-2006, 10:04 AM

We just let iprotect do its job. If only a few people are sharing, it would still be worth it to me to keep getting the rebill.

Barefootsies · 12-25-2006, 10:07 AM

They are blocked as soon as they show up from different IP blocks. The system auto blocks them, and changes their password.

If it happens again, they then have to call or write and ask, "what up" personally.

Ange · 02-04-2007, 12:55 PM

I let proxypass block them too

TeenCat · 02-04-2007, 01:18 PM

proxypass, when 3ips are logged, block for 24hours, change pass to some d5FGfds1va6 and email to member, if it will continue do this three times and then say sorry to him cause his email or computer is hacked and that can be danger for your or your members security

rvn · 02-04-2007, 05:45 PM

I think that banning paid members is a bad idea. First of all, the same person can log in from home, then from work, then from laptop via wi-fi. If you want, you can ban these members automatically. As a result, your site's reputation will fall down, and there will be someone why may post messages on various forums and blogs that you are scam. I think that notifying these members by email about changing and not sharing their passwords is the best solution.

Bansheelinks · 02-04-2007, 06:18 PM

If they bandwidth-suck, its termination time.

And don't let them tell you, "I'll be baaack" or let them convince you that you have to "Come with me if you want to live."

Termination. T-1000 style.

Shoehorn! · 02-04-2007, 06:32 PM

Quote:

Originally Posted by rvn

I think that banning paid members is a bad idea. First of all, the same person can log in from home, then from work, then from laptop via wi-fi.

This is very true. Just because they login from a few different IPs doesn't necessarily mean that they are sharing.

cj_purve · 02-04-2007, 07:17 PM

If it walks like a duck and talks like a duck its probably not a chicken ...

If someone is just logging in from multiple ip's the downloads should be random, sporadic and average ... if a password has been shared or hacked you'll notice different movement in that account. I'm not sure if pennywize is still available for lease but it has a download counter for each user/pass that shows you who has downloaded what. Its not hard to spot the cheats if you have the right data.

GT-Omar · 02-04-2007, 07:20 PM

bump for good topic!

TheDoc · 02-04-2007, 07:52 PM

I use strongbox.. I check my logins all the time. With password leaks I first make sure the account should still be active (that does happen). If it's a leak I change the password and email the member a simply email that says we changed the password, and here is the new login details.

If the account re-leaks (very low %) and the account is a fresh cancel, I kill the access. If it's an old account I select a new hard password, from here if a re-leak happens again I cancel and close the account.

I check all failed password logins, and email the member a notice on why they are having login problems. I email 80% to the 20% that ask for help.

From here I check every login that takes place, since I can see every country/ip, anyone that has more than 2 logins from a different country/isp/ip I email a new password.

hell · 02-04-2007, 09:21 PM

i just change the password to there street address on file if they think ya know where they live they aint likely to do any shit
email them with a nice email saying ya password was changed for security reasons blah blah

ER!C L!VE · 02-04-2007, 09:24 PM

Quote:

Originally Posted by hell

i just change the password to there street address on file if they think ya know where they live they aint likely to do any shit
email them with a nice email saying ya password was changed for security reasons blah blah

lol that's (evil) genius!

I have a new password for the members.

RyuLion · 02-04-2007, 11:57 PM

You can spend a lot of time looking for password share'ers..
They get a email after they get blocked to change it..after the third time and warnings..we ban them!

Kolargol · 02-05-2007, 02:00 AM

it depends on how much they downloaded, how different their IPs are and also if the customer is and old one and might come back or rebill.

raymor · 02-05-2007, 11:17 AM

I'd re-enable the user can change the password only, not the user name, once
and email them the new password, telling them to be sure to keep it safe.
If the new password gets out on the password sites I'd probably cancel them.
I might give them one more chance. If a total of three different passwords of
theirs get out I'd figure they were giving it out and get rid of them.

One thing to be aware of, though, is password file ripping. If a LOT of passwords
get out at about the same time, a cracker probably found a hole in some PHP
script and downloaded your whole password file. That happens a lot if you use
the old DES encryption that was for so long the standard way to encrypt passwords.
That's not the user's fault, of course. In that case I'd upgrade the encryption, which
we can help you with, and assign new passwords to the affected users.

Normally I wouldn't change someone's user name, only their password, so it's
easy to see later if the same users password keeps getting out.

12-25-2006, 09:52 AM	#1
ER!C L!VE Confirmed User Join Date: Feb 2005 Location: WORLDW!DE Posts: 724	Site owners - When do you terminate a member who you think is password sharing? When you think someone has shared a password, do you email the person first and ask about the issue or do you just terminate him/her? I have strongbox and I can tell when a member has many different IPs have accessed the site. Some I have let slid, others I have flat out terminated. It depends on how I'm feeling that day. However, I really don't want to lose their business as these people could keep rebilling for 6 months as far as I know. Also, I know many of these people use the same login info on multiple sites, so haxorz can access sites using their info without the member knowing. So, what to do? Thanks in advance! Eric __________________ www.BackroomCastingCouch.com www.ExploitedCollegeGirls.com www.FCUKCash.com

12-25-2006, 09:54 AM	#3
suesheboy Confirmed User Industry Role: Join Date: Nov 2002 Location: FL - TN/NC Posts: 5,211	How many IPS per day - per week? __________________ Adult Web Site Domain Names For Sale Adult Sex Toy Domain Names For Sale Tantric Delights, Sex Toys Blog, Tantric Sex Toys

12-25-2006, 10:03 AM	#5
ER!C L!VE Confirmed User Join Date: Feb 2005 Location: WORLDW!DE Posts: 724	Cool. Thanks. I'll let them know they need to change their username and password and keep an eye on them after that. It varies on the ISPs.. 3-10 in a week or day. What about the issue of charge backs? Do you refund or have you not had a chargeback issue with password sharing people? __________________ www.BackroomCastingCouch.com www.ExploitedCollegeGirls.com www.FCUKCash.com

12-25-2006, 10:07 AM	#7
Barefootsies Choice is an Illusion Industry Role: Join Date: Feb 2005 Location: Land of Obama Posts: 42,635	They are blocked as soon as they show up from different IP blocks. The system auto blocks them, and changes their password. If it happens again, they then have to call or write and ask, "what up" personally. __________________ Should You Email Your Members? Link1 \| Link2 \| Link3 Enough Said. "Would you rather live like a king for a year or like a prince forever?"

02-04-2007, 01:18 PM	#9
TeenCat Too lazy to set a koala Industry Role: Join Date: Jan 2007 Location: CZ/EU forever! Posts: 16,139	proxypass, when 3ips are logged, block for 24hours, change pass to some d5FGfds1va6 and email to member, if it will continue do this three times and then say sorry to him cause his email or computer is hacked and that can be danger for your or your members security __________________ 6bot / Coming again very soon! Svit Zlin Radio 24/7!

12-25-2006, 09:54 AM	#2
Pete-KT Workin With The Devil Industry Role: Join Date: Oct 2004 Location: West Bloomfield, MI Posts: 51,532	I let proxxypass block them for 10 days, if they email me and ask why they can't access we tell them why and ask them to change there un and pw, if it gets hacked again after then we know there sharing and leave them blocked

12-25-2006, 09:58 AM	#4
bopha Confirmed User Join Date: Sep 2002 Posts: 1,882	We use software to handle that as well.

12-25-2006, 10:04 AM	#6
CC Confirmed User Join Date: Feb 2001 Posts: 1,690	We just let iprotect do its job. If only a few people are sharing, it would still be worth it to me to keep getting the rebill.

02-04-2007, 12:55 PM	#8
Ange Registered User Join Date: Jan 2006 Posts: 44	I let proxypass block them too

02-04-2007, 05:45 PM	#10
rvn Confirmed User Join Date: Sep 2006 Location: Ukraine/USA Posts: 176	I think that banning paid members is a bad idea. First of all, the same person can log in from home, then from work, then from laptop via wi-fi. If you want, you can ban these members automatically. As a result, your site's reputation will fall down, and there will be someone why may post messages on various forums and blogs that you are scam. I think that notifying these members by email about changing and not sharing their passwords is the best solution.

02-04-2007, 06:18 PM	#11
Bansheelinks Confirmed User Join Date: Apr 2003 Posts: 6,023	If they bandwidth-suck, its termination time. And don't let them tell you, "I'll be baaack" or let them convince you that you have to "Come with me if you want to live." Termination. T-1000 style.

02-04-2007, 07:17 PM	#13
cj_purve Confirmed User Join Date: Sep 2002 Posts: 1,065	If it walks like a duck and talks like a duck its probably not a chicken ... If someone is just logging in from multiple ip's the downloads should be random, sporadic and average ... if a password has been shared or hacked you'll notice different movement in that account. I'm not sure if pennywize is still available for lease but it has a download counter for each user/pass that shows you who has downloaded what. Its not hard to spot the cheats if you have the right data.

02-04-2007, 07:20 PM	#14
GT-Omar DM at Performive.com Industry Role: Join Date: Aug 2006 Location: Atlanta, G.A. Posts: 2,968	bump for good topic! __________________ Email me Skype me

02-04-2007, 07:52 PM	#15
TheDoc Too lazy to set a custom title Industry Role: Join Date: Jul 2001 Location: Currently Incognito Posts: 13,827	I use strongbox.. I check my logins all the time. With password leaks I first make sure the account should still be active (that does happen). If it's a leak I change the password and email the member a simply email that says we changed the password, and here is the new login details. If the account re-leaks (very low %) and the account is a fresh cancel, I kill the access. If it's an old account I select a new hard password, from here if a re-leak happens again I cancel and close the account. I check all failed password logins, and email the member a notice on why they are having login problems. I email 80% to the 20% that ask for help. From here I check every login that takes place, since I can see every country/ip, anyone that has more than 2 logins from a different country/isp/ip I email a new password. __________________ ~TheDoc - ICQ7765825 It's all disambiguation

02-04-2007, 09:21 PM	#16
hell Registered User Join Date: Feb 2003 Location: HeLL Posts: 75	i just change the password to there street address on file if they think ya know where they live they aint likely to do any shit email them with a nice email saying ya password was changed for security reasons blah blah __________________ ........ FuCkEn DiE -I-

02-04-2007, 11:57 PM	#18
RyuLion ClubDomCash.com Industry Role: Join Date: Mar 2003 Location: San Diego Posts: 32,243	You can spend a lot of time looking for password share'ers.. They get a email after they get blocked to change it..after the third time and warnings..we ban them! __________________ Adult Biz Consultant A tech head since 1995

02-05-2007, 02:00 AM	#19
Kolargol Confirmed User Join Date: Mar 2003 Location: www.footfetishsponsors.com Posts: 1,319	it depends on how much they downloaded, how different their IPs are and also if the customer is and old one and might come back or rebill.

02-05-2007, 11:17 AM	#20
raymor Confirmed User Join Date: Oct 2002 Posts: 3,745	I'd re-enable the user can change the password only, not the user name, once and email them the new password, telling them to be sure to keep it safe. If the new password gets out on the password sites I'd probably cancel them. I might give them one more chance. If a total of three different passwords of theirs get out I'd figure they were giving it out and get rid of them. One thing to be aware of, though, is password file ripping. If a LOT of passwords get out at about the same time, a cracker probably found a hole in some PHP script and downloaded your whole password file. That happens a lot if you use the old DES encryption that was for so long the standard way to encrypt passwords. That's not the user's fault, of course. In that case I'd upgrade the encryption, which we can help you with, and assign new passwords to the affected users. Normally I wouldn't change someone's user name, only their password, so it's easy to see later if the same users password keeps getting out. __________________ For historical display only. This information is not current: support@bettercgi.com ICQ 7208627 Strongbox - The next generation in site security Throttlebox - The next generation in bandwidth control Clonebox - Backup and disaster recovery on steroids