GoFuckYourself.com - Adult Webmaster Forum

How easy is it to get a password to just about any pornsite? (https://gfy.com/showthread.php?t=459989)

sonofsam 04-25-2005 06:00 PM

i may be wrong but i have a hard time believing that whatever it is you do that

posting your site on gfy = getting hacked

High_Times 04-25-2005 06:03 PM

Quote:

Originally Posted by sonofsam
i may be wrong but i have a hard time believing that whatever it is you do that

posting your site on gfy = getting hacked

The former...

sonofsam 04-25-2005 06:06 PM

Quote:

Originally Posted by High_Times
The former...

well i guess we'll never know since you wont say what site you own

swedguy 04-25-2005 06:13 PM

Hmmm, talk about easy.

TheDoc 04-25-2005 06:18 PM

The PW leaks are from Brute Force attacks and/or members giving up the information. I ran my sites, 2 dead, one trial members area.. They won't link to auth form sites.

I couldn't find any of the perfect gonzo sites that worked.

High_Times 04-25-2005 06:21 PM

Quote:

Originally Posted by JaceXXX
all my sites are protected strictly with iprotect, server made 10 character alpha numeric passwords and encrypted on a separate server with MD5....:)

Not only are you protecting yourself, you are protecting the industry. You are also protecting yourself twice over.

If you run a single girl teen site and someone steals your unencrypted passwords (or encrypted ones with DES and customer made passwords) then you have just fucked over everyone else running a single girl site that is using Basic Authentication. It is highly likely that you share members either concurrently or consecutively. Your 3,000 user passfile or 30,000 user log file is like a 150 user passfile or 1000 user passfile respectively to the other sites.

You protect yourself twice over because if hackers can't get anyone's working passwords, they can't crack logins. If they can't crack logins then people will have no choice but to pay for porn.

Congrats, you just increased your income a small percentage. But it will take the entire industry to get on the same bandwagon for the percentage to really shoot up. The percentage of increased income is directly related to the percentage of same niche sites that protect themselves like you have.

High_Times 04-25-2005 06:25 PM

Quote:

Originally Posted by TheDoc
The PW leaks are from Brute Force attacks and/or members giving up the information. I ran my sites, 2 dead, one trial members area.. They won't link to auth form sites.

I couldn't find any of the perfect gonzo sites that worked.


Damn, BAB is a hot as all hell site!

TheDoc 04-25-2005 06:45 PM

Quote:

Originally Posted by High_Times
Damn, BAB is a hot as all hell site!

I can't find a working PW for the main site, only for the trial site.. Which is fine, surfers make us money. :)

High_Times 04-25-2005 07:10 PM

Quote:

Originally Posted by TheDoc
I can't find a working PW for the main site, only for the trial site.. Which is fine, surfers make us money. :)

Then you made my point. This message isn't for you or JaceXXX unless it is to applaud your attention to security.

This message is for the hundreds of other sites and sponsors who are not taking these matters seriously.

High_Times 04-25-2005 07:13 PM

http://trial.theinnerzone.com/upgrade.php

You get 2 buttons to upgrade with. I clicked BAB and got,

Upgrade Error!


Could not find your membership, please try again. The Email Address you entered might be different from one on the file.

If this problem persists, please contact BillingSupport.com from the following page: http://www.billingsupport.com/inquiry.html

8 Characters 04-25-2005 07:14 PM

I sail 50 pass w0rts AIT

High_Times 04-25-2005 07:32 PM

My request for ArikaAmes was just filled... with a working password.

DWB 04-25-2005 07:43 PM

Quote:

Originally Posted by stev0
Wow, someone actually addresses a real issue on GFY and look at the responses...

That's just sad...

I totally agree with you. If the "know it alls" here at GFY think otherwise or are not hip to what is going on, the poster goes down in flames. End of story. That's sad.

Not once did I hear this guy selling anything. He was just giving us information. Maybe it is good info, maybe it is not, but it's worth looking into. :2 cents:

8 Characters 04-25-2005 07:44 PM

GFY is da place for wiggaz and cool bitches. I'm just here to meet some honeys.

DWB 04-25-2005 07:48 PM

Quote:

Originally Posted by 8 Characters
GFY is da place for wiggaz and cool bitches. I'm just here to meet some honeys.

word. :pimp

TheDoc 04-25-2005 08:59 PM

Quote:

Originally Posted by High_Times
http://trial.theinnerzone.com/upgrade.php

You get 2 buttons to upgrade with. I clicked BAB and got,

Upgrade Error!


Could not find your membership, please try again. The Email Address you entered might be different from one on the file.

If this problem persists, please contact BillingSupport.com from the following page: http://www.billingsupport.com/inquiry.html

That would be because that account can't upgrade. Username already cancelled.

TheDoc 04-25-2005 09:03 PM

Quote:

Originally Posted by High_Times
Then you made my point. This message isn't for you or JaceXXX unless it is to applaud your attention to security.

This message is for the hundreds of other sites and sponsors who are not taking these matters seriously.

Most sponsors don't think they have a problem. They hope the software protects them and BW is cheap enough.

tony286 04-25-2005 09:11 PM

I have password sentry and proxy pass

pornguy 04-25-2005 09:12 PM

On this board you will always get shit from people even if you are correct.

Screaming 04-25-2005 09:23 PM

wow that is a lot to read

pxxx 04-25-2005 09:23 PM

Interesting thread and read.

Fukeneh 04-25-2005 09:25 PM

strongbox appears to work pretty well.

xiando 04-25-2005 09:37 PM

congratulations on a very long thread filled with bullshit and paranoia.

Snake Doctor 04-25-2005 09:44 PM

Strongbox is the shizzle

High_Times 04-25-2005 10:24 PM

Quote:

Originally Posted by xiando
congratulations on a very long thread filled with bullshit and paranoia.

Paranoia???

How about this, how many program owners want me to post examples of their own passes being given away and how the cracking can be stopped or how the hacker got in?

Then we can see if I am for real or just full of shit.

TheDoc 04-25-2005 10:29 PM

Quote:

Originally Posted by High_Times
Paranoia???



-ASP1serv:#asp- INFO there are currently 48,901 passes in 3,985 sites in the database.

Sausage 04-25-2005 10:45 PM

2 of my paysites were in that forum only freshly posted too. Thanks for the post, I now know that my current protection wasn't up to the task.

Time for strongbox.

V_RocKs 04-25-2005 10:46 PM

HT, your ideas are great in theory and have been passed around here for a very long time. Unfortunately you are not the first one to come around here trying to fix something that many consider - not broken. GFY is a terrible place to give out good info because a lot of people are just here to talk shit.

These problems you have discussed have been a problem since the beginning and will be here in the end. Things change too fast for anything to make a difference. MD5 passwords can be cracked a lot faster than you posted BTW. Rainbow tables, look it up on Google. If you fix a hole, another is posted publicly a few months later.

The webmasters all know this and are affected by it, but they are making millions so like I was saying earlier, if it ain't broke, don't fix it.

Dirty F 04-25-2005 11:05 PM

Daaaaamn, thanks!!!

I'm gonna try it out right now! :Graucho

latinasojourn 04-25-2005 11:20 PM

if you have interesting sites you will always have asswipes trying to do brute force attacks. proxy pass blocks proxies as fast as these fuckers can throw them at your box---like a thousand different proxies in 3 minutes---soon the fucker is out of working proxies.

so maybe someone gets lucky and they get a password once a month, and then post it on a password site.

if you have the right scripts in place, the first time you have "X" number of simultaneous users with same name/pass every subsequent attempt is redirected to your sales page.

this is just not much of a problem anymore---it used to be, but no more.

but the info is valuable nonetheless. the more webmasters savvy enough to keep the freeloaders out, the more people will pay for memberships.

security costs a little bit true, but it is money well spent.

High_Times 04-25-2005 11:55 PM

Quote:

Originally Posted by latinasojourn
if you have interesting sites you will always have asswipes trying to do brute force attacks. proxy pass blocks proxies as fast as these fuckers can throw them at your box---like a thousand different proxies in 3 minutes---soon the fucker is out of working proxies.

so maybe someone gets lucky and they get a password once a month, and then post it on a password site.

if you have the right scripts in place, the first time you have "X" number of simultaneous users with same name/pass every subsequent attempt is redirected to your sales page.

this is just not much of a problem anymore---it used to be, but no more.

but the info is valuable nonetheless. the more webmasters savvy enough to keep the freeloaders out, the more people will pay for memberships.

security costs a little bit true, but it is money well spent.

Negative. It is damn easy to get 2000 anonymous proxies.

If I set the software to use only 10 bots and it cracks at 18000 per hour, I am going to try to crack about 300 per minute. That means it will take 6 minutes to see that 1st proxy again. If you have proxypass set to block a proxy after 5 tries, it will take 30 minutes to finally block its first proxy.

Now think about this, if you own milffuckedindaass.com, I will use the password file I obtained from assfuckingmilf4homies.com. Both sites have about 1,000 users who have signed up at either site with the same user/pass combo. Currently 150 are still active on milffuckedindaass.com. The combo file from the latter site is 8,000 passes long. Every 53rd user is one of the 150 that is active. (8000/150). I am doing 300 tries per minute. I run 1,000 tries in less than 4 minutes and get 18 passwords.

I give the 18 out all month. I crack a session for 4 hours a day because I feel like it. Everyday someone asks me for the site 8 times. In one month those 18 passwords never get used by the same illegit or legit user at the same time. Even if they do, we can have up to 5 using them. Out of the 18 passwords 8 are still working at months end. But I only need 8 to feed the surfers requests for them.

240 people have now viewed your site for free. But BW is cheap.. Yeah, no shit, but getting me to crack your passwords is even cheaper. Out of the 240 about 40 are just people who are too stupid to store them. So 200 are individual surfers that will not be buying your product.

Those are just the surfers for 1 site that I cracked. I also will do the same for about (240minutes / 4 minutes per pass) = 60 surfers/sites that day. I am just one cracker. There are 4 to 20 more in a channel who will crack at other times in the day. I'll average that to 10. That is 600 passwords a day for the channel. 1800 in a month. ( 18000 x $20 = $360,000).

Now take the auto_requests you see going by. Someone asks for a megasite or a site with all access passwords. Those are being filled 2 to 3 times faster. $1,080,000.

And the searches going on with the bots that you don't see. Most surfers use the bots because they are nervous about asking for a site in the channel. Searches happen at the rate of a few thousand in a day. We will say 2000 even though the number is usually around 4000.

Add it all up and it is $88,000 a day. $2,640,000 a month. $31,680,000 a year. And this is just 1 channel. Undernet and many other smaller nets have channels of their own. Most other networks have 2 to 10 channels. And this is just English speaking. There are networks for people speaking many other languages. I will say a small number, 30 other channels.

$950,400,000! This is just lost revenue due to people not signing up. Add to this the cost of customer service, chargebacks, refunds, etc and this problem is costing you a HUGE sum of money.

This is just the IRC BTW. It doesn't include password boards, forums or other forms of trading them.

But I am just a punk, a surfer and a skript kiddie. So you all go on with your lives. I gave you the 3 keys to cutting this problem down to 10% of its current form. People didn't accept the world as being spherical or the Sun as the center of the universe, I don't know why I thought you people would be any different.
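Added example, not written by any poster in this thread: the two posts above describe a per-proxy block threshold that a rotating proxy pool stays under, and a cap on simultaneous users of one name/pass. The Python below runs both checks, plus a site-wide failure counter, over constructed login events; the event format, thresholds and function names are assumptions.

```python
from collections import defaultdict

def build_sample():
    """Constructed events: (epoch_seconds, source_ip, username, success)."""
    events = []
    for i in range(300):  # 300 failures in one minute, one per proxy address
        events.append((i // 5, f"10.0.{i // 250}.{i % 250}", f"user{i}", False))
    for i in range(6):    # one account used from six addresses within five minutes
        events.append((600 + i * 60, f"192.0.2.{i + 1}", "alice", True))
    events.append((700, "198.51.100.7", "bob", True))  # ordinary member
    events.append((900, "198.51.100.7", "bob", True))
    return events

def per_ip_blocks(events, max_failures=5):
    """Addresses a per-IP failure counter would block."""
    fails = defaultdict(int)
    for _, ip, _, ok in events:
        if not ok:
            fails[ip] += 1
    return {ip for ip, n in fails.items() if n >= max_failures}

def sitewide_alerts(events, window=60, max_failures=100, max_ips=50):
    """Window start times where failures and distinct failing IPs both spike."""
    buckets = defaultdict(lambda: [0, set()])
    for ts, ip, _, ok in events:
        if not ok:
            bucket = buckets[ts // window]
            bucket[0] += 1
            bucket[1].add(ip)
    return sorted(w * window for w, (n, ips) in buckets.items()
                  if n >= max_failures and len(ips) >= max_ips)

def shared_accounts(events, window=3600, max_ips=5):
    """Usernames with successful logins from more than max_ips addresses per window."""
    recent = defaultdict(list)  # username -> [(ts, ip)] inside the window
    flagged = set()
    for ts, ip, user, ok in sorted(events):
        if ok:
            recent[user] = [(t, a) for t, a in recent[user] if ts - t < window]
            recent[user].append((ts, ip))
            if len({a for _, a in recent[user]}) > max_ips:
                flagged.add(user)
    return flagged

if __name__ == "__main__":
    sample = build_sample()
    print("per-IP blocks:", per_ip_blocks(sample))
    print("site-wide alert windows:", sitewide_alerts(sample))
    print("shared accounts:", shared_accounts(sample))
```

On the constructed data the per-IP counter blocks nothing, while the site-wide window and the per-account address count both fire.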

pradaboy 04-26-2005 12:32 AM

I don't get it, this guy addresses a serious issue and he gets flamed for it?

I just checked out that asp channel on IRC and it's filled with passwords to dozens of sites man. I understand that a lot of you are already protected but a lot aren't, so this is a valid issue IMO.

Skn_Designs 04-26-2005 08:20 AM

needless to say....High Times is soooooo fuckin' right.....!!

Sure....Security costs...but remember what you lose due to a lack in security!

363R 04-26-2005 08:21 AM

It's very easy if you accept checks.. takes 30 seconds.

AlienQ - BANNED FOR LIFE 04-26-2005 08:32 AM

Quote:

Originally Posted by pradaboy
I don't get it, this guy addresses a serious issue and he gets flamed for it?

I just checked out that asp channel on IRC and it's filled with passwords to dozens of sites man. I understand that a lot of you are already protected but a lot aren't, so this is a valid issue IMO.

I just wanted to see if he had anything product wise to offer.
Answer = No.

Serious issue yes.

Is there a working solution?
Yes.

With the right knowledge and taking your sites security seriously there is not much to worry about.

Dalai lama 04-26-2005 08:34 AM

get strongbox

mardigras 04-26-2005 09:21 AM

Quote:

Originally Posted by pornguy
On this board you will always get shit from people even if you are correct.

Especially if you are correct :1orglaugh

TheDoc 04-26-2005 10:21 AM

Password leaks are and aren't that big of a deal. Paysite owners have PW's posted almost daily. We rely on our protection systems (pennywize, proxypass, strongbox, etc) to protect us. The fact is, even the best software in the world can't 100% protect you from leaks, brute force attacks, hacks, exploits, etc.. It happens at the billing level, site level, program, and any other little side hole they can. PW webmasters share the information on how to beat pennywize/proxypass, they share backdoor info, they trade lists.

For the most part, PW sites are no worry to the standard program owner. They just don't care. The people that need to worry about the leaks, don't have a clue that it's going on. Normally smaller site owners. Free site owners have to make sure they cover all the backdoors to content too. It's a huge world that relies on the mistakes that webmasters of all sizes make.

Myself, I monitor my logins. If a member has a user/pass problem I e-mail them before they e-mail me. If I see a pw leak I change the pw and e-mail the member. This is the ONLY way to truly protect your sites.

Skn_Designs 04-26-2005 10:43 AM

Quote:

The fact is, even the best software in the world can't 100% protect you from leaks, brute force attacks, hacks, exploits, etc

no it can't, and it will never do, but the best software & security can reduce the attacks to 10% or less of what they are now... i was looking in this channel right now, and i can't believe that nobody of you paysite owners care bout this... come on man....that's all money you lose there... I don't care about this really cause i own no paysite, but i would if i had one....!

I think thats what HT wanted to say....

Basic_man 04-26-2005 10:49 AM

Very interesting thread. bump


All times are GMT -7.