Fix to Spoofing Members Areas
 

Everybody,

Last month we noticed our hits/bandwidth to our members are increase by over 1,000+ users per day, costing us over $5,000+ in content bandwidth as a direct result of spoofing software that lets people into your members area for free!

Well congratulations to Mr. Brad Slavin, my head IT, who wrote a killer script that can be added to your .htaccess file that will not let spoofers in. If anybody is interested in how we did this....we will be happy to help you out on trade.

Since the new .htaccess file was uploaded, we have been 100% secure, knocking out over 900+ spoofers per day!

THANKS BRAD!!!

1) "Spoofing" doesn't get you into anything. Passwords do.

2) htaccess does not run scripts.

email me the script?

Were you only authenticating via HTTP_REFERER? This is all too common, I've helped a few people out with this...

Wrong.

...

using the .htaccess file
 

We were use the http_referrer method, and still are, only adding a jump page and a couple quick lines of script to the .htaccess file itself has knocked out those thieves.

When I visited a couple of the web sites providing the spoof software and a huge, huge, list of members' area urls, which were big.

Testing their software, I was able to get into tons of members areas from very big content providers, plus many of the referring urls were via somebody elses account, paying $$ to the content provider.

Just use strongboxxx

if you are an owner of a popular paysite(s) you need to go to <deganews.com> and put in the name of your site.

this will tell you if asswipes are trading info about how to spoof your members area.

the "tar=ref" spoof is very common, and can be fixed by beefing up your member area security.

if you are on ccbill they can show you how to do it.

also if you are hosting video files you should have <antihotlinking.com> in place and be redirecting your hotlink attempts to some sort of sales page.