Newbie question about fraud protection

[michelle853]

Hello to everybody,
I'm running a small paysite and I have more and more problems with users who share their passwords and crashs down my server.
Therefore, I 'm looking for a programme which set a daily downloadlimit and possibly prevents that more than one person at the same time uses the same password.
I have heard about pennywize, but I don't it this with the money.
Is there somebody who can give me an advise?
Thanks a lot and have a great day
Michelle

[Xelot]

This is not necessarily an answer, but an additional possibility/question to the assembled horde... Is it possible to set up a site that needs a user name, password and their Visa number to get access? Yeah, it's a pain in the ass to remember a Visa number, but that's a piece of information that people wouldn't share. Maybe show them a mask of their Visa number and have random blank spots...

Example: xxxx-xxxx-____-xxxx or ____-xxxx-xxxx-xxxx

That way they don't have to input the entire number, but they do need to have the card handy. Or memorize their number.

[Cystomatic]

Quote:

Originally Posted by Xelot

This is not necessarily an answer, but an additional possibility/question to the assembled horde... Is it possible to set up a site that needs a user name, password and their Visa number to get access? Yeah, it's a pain in the ass to remember a Visa number, but that's a piece of information that people wouldn't share. Maybe show them a mask of their Visa number and have random blank spots...

Example: xxxx-xxxx-____-xxxx or ____-xxxx-xxxx-xxxx

That way they don't have to input the entire number, but they do need to have the card handy. Or memorize their number.

That would be insecure for the customers on your site. They would have to enter their CC Number every time they login, which would mean it could be easy for hackers to get CC info of them. With a CC number you can do quite a lot and I know that it won't be hard for a hacker to find out the security code of the card and expire date.

A better method to secure this is to only allow the computer (which purchased the membership on your site) to access the account. Other people who want to enter the account will get a message that the account has been limited. The account can than only be unlimited by the account owner. This would be a clever system.

Another way would be to only allow an IP to login to the account. And a user can than buy (for example $10) an extra IP, which can login to the account.

I'm currently working on such a system for my sites

[Rokkon]

Quote:

Originally Posted by Cystomatic

Another way would be to only allow an IP to login to the account. And a user can than buy (for example $10) an extra IP, which can login to the account.

That must suck for people with a dynamic IP...


The big IPSPs (like CCBill, epoch, ...) are so full about their fraud detection techniques. Don't those systems work for you? I don't have experience with them...

[pornguy]

Throttlebox and StongBox is what we use on our servers.

ICQ me and I can give you their contact info.

[Avalana]

Simply deactivate downloading? I'll never get why sites still have this feature... who the fuck is still downloading porns to his HDD?