Hopefully Paypal shuts them down quickly...perhaps we can keep an eye on things so that if they come up with another payment it can be stopped.

I wonder how their hosting company feels about the site?

Do hosts care about such things?
Their hosting is either http://www.123-reg.co.uk/ or phase8.net, I'm not sure.

We should make some kind of organization that closes down sites like this where you can pay a $50 fee per year and any password site is attacked legally by this new organization. It would kind of be like that copyright organization you can join where if anyone infringes on your copyright they will take care of it if you pay your yearly fee.
Would anyone join?

It's free advertising.

I've used all the different scripts out there that handle password traders - PasswordSentry being one of them mentioned in this thread. While these will stop some pass traders, they certainly won't stop the techniques that are in play nowdays.

If you search the board, you'll see alot of talk about STRONGBOX, and how this is supposedly pretty kickass for most of the modern pass attacks now. Not sure if this is the official URL, but here's one I dug up: http://webmastersguide.com/htaccess-cgi/strongbox/

its the more clever of the pw trading crowd that distribute proxies along w/ the login data, these people are the biggest problem... only an intelligent system that monitors bw usage by the hour can conbat that sort of trading..

.and sadly enough, pennywise is a poor performer in this department from past usage..

I beleive so as from what I know its not illegal to post you password, its just starts getting iffy when others use it to download and in effect nick the content;

XXXXX,

I have looked at the site and confirm that the account should be suspended this morning

Will you please let me know when this has been done

Paul,

Thanks for this alert

regards
XXXXXX

Well thats what the fraud team at nochex have done this morning - I will see if we can also ban people paying him

Any paysite that does not have password hacker protection deserves it. It's like leaving your back door open and not expecting to get robbed.

Just install http://www.stopthathacker.com/ and forget about it.

One day of bandwidth on a password site will cost you more then the cost of good hacker protection.

Hugs,
Danielle

Oh watch out if your anti hacking script relies on your apache server log files or custon logs.:)))))))))

You are fucked.:) Many of the brute force hacking programs have already exploited this.

Hugs,
Danielle

What you see there is typical of any password dump/ forum
No point wasting your time trying to close it down they will have several mirrors and will be back up in no time.

You will notice 99 percent of those logins are user defined ?simple to brute-force?
And ?simple to decrypt?

Crackers know that people in general are lazy and use the same passwords for every site they join.

You cannot run a pay site that allows your customers to choose their own logins and not expect to have major password issues.

If your billing company allows random passwords to be assigned to your customers, do it!
And use a good length, I recommend 15 char. That will stop passwords from being brute-forced. Also by having a good length ?say 15 char? even if they exploit your server or a script to locate your password file they will be flat out trying to decrypt it.

All that needs doing then is to install a script like password sentry and that will alert you to any password trading.

I wouldn't do that. That's a pain in the ass for the customers. The simplest solution is a form login page like this one:

http://www.polishmyhelmet.com/members/

Those forms can be brute-forced as well.
There are some very skilled coders on the dark side
Mr. Gator

that's the world of free porn...but if I take a look at my sign-ups many ppl don't know these kind of links.

None of ours there...

I'm sure they can, but I still think it's better than using the pop up box login that it much easier to brute force.

Yes agreed it is a more secure option, however you?re still inconveniencing your customers by typing in the image content.

We use 15 char random logins, the members get used to it "most people are familiar with copy and paste"

Anyway I?m out for the night
Cheers

Well the only thing they have to type is the image content because they can save their u/p on the page and not have to type that or copy and paste it.

Anyway, I'm sure your system works well. I was just saying the form login page was simpler than having a user and pass like Ug834nfoGodkt5j/Risjt35Fks53GW.

There is always the other side of the coin. From our experience adding more complicated rules for creating the username and password leads to increasing of issues with creating accounts.

And still there're many customers who don't use (or don't know how to use, huh?) copy-paste to insert the info to log-in window.

If done correctly, yes, this could put an end to brute force. Unfortunately images as simple as they are using can be very easily read by an image reader program.

wow, that's a fucking huge list!!

I'm surprised they are not shut down yet.