What you see there is typical of any password dump/ forum
No point wasting your time trying to close it down they will have several mirrors and will be back up in no time.

You will notice 99 percent of those logins are user defined ?simple to brute-force?
And ?simple to decrypt?

Crackers know that people in general are lazy and use the same passwords for every site they join.

You cannot run a pay site that allows your customers to choose their own logins and not expect to have major password issues.

If your billing company allows random passwords to be assigned to your customers, do it!
And use a good length, I recommend 15 char. That will stop passwords from being brute-forced. Also by having a good length ?say 15 char? even if they exploit your server or a script to locate your password file they will be flat out trying to decrypt it.

All that needs doing then is to install a script like password sentry and that will alert you to any password trading.

I wouldn't do that. That's a pain in the ass for the customers. The simplest solution is a form login page like this one:

http://www.polishmyhelmet.com/members/

Those forms can be brute-forced as well.
There are some very skilled coders on the dark side
Mr. Gator

that's the world of free porn...but if I take a look at my sign-ups many ppl don't know these kind of links.

None of ours there...

I'm sure they can, but I still think it's better than using the pop up box login that it much easier to brute force.

Yes agreed it is a more secure option, however you?re still inconveniencing your customers by typing in the image content.

We use 15 char random logins, the members get used to it "most people are familiar with copy and paste"

Anyway I?m out for the night
Cheers

Well the only thing they have to type is the image content because they can save their u/p on the page and not have to type that or copy and paste it.

Anyway, I'm sure your system works well. I was just saying the form login page was simpler than having a user and pass like Ug834nfoGodkt5j/Risjt35Fks53GW.

There is always the other side of the coin. From our experience adding more complicated rules for creating the username and password leads to increasing of issues with creating accounts.

And still there're many customers who don't use (or don't know how to use, huh?) copy-paste to insert the info to log-in window.

If done correctly, yes, this could put an end to brute force. Unfortunately images as simple as they are using can be very easily read by an image reader program.

wow, that's a fucking huge list!!

I'm surprised they are not shut down yet.