ProxyPass and PhantomFrog, Anyone ran both?
 

Looking for password protection better then iprotect and have come down to these two.

Proxypass, well lots of people use it, or seem to at least, and seems to be used alot outside of porn too. Covers the whole server.

PhantomFrog, new to me, have heard some good things, but being a more industry writen program I worry about poor coding or over complicated slowing the server down. Only covers 3 domains.

They are priced about the same, so its a bit tough.
Looking for user input, if you have used both that would be a plus :)

i dunno but i don't like the fact that phantomfrog emails me hacked passwords to my sites and refuses to tell me where they got them. We use sparta, but i have also used pennywize and strongbox.

phantomfrog apparently has some really cool features, but I haven't heard much positive reviews on it

strongboxxx is what I use, and will always use, it is simply amazing

I've used Pennywize, Strongbox and ProxyPass in the past - the later two being very good.

Had Phantom Frog installed a few months back and have to say it blows the above away :2 cents:

Phantom Frog kicks ass
 

Ok, this from somebody who's tried just about every other program out there, but for the past 6 months I've been with Phantom Frog and I don't have to go anywhere else! It does it all and does the dirty work for me. No more sitting at my 'puter in the mornings to see if my site's been hacked, or guys can't get in because their passwords have been changed or blocked. Phantom Frog is totally automated and your members (should they need to) can retrieve their own new password from the system without bothering the webmaster. It blocks Brute Force attacks, multiple accesses from different locations, bandwidth hogs (you set the bandwidth limits) emails you a list of all password changes due to trading or hacks, gives your members the ability to get back in right away if their passwords have been changed by Frog, due to hacks. Also has a customer service form for those "challenged" members who can't figure out how to use the system.

Basically, this is the BEST system I've tried to date and we've been online for 6 years now. Give it a try... I'm sure you'll like it. You can even put a "trial" version of it on your site to show you how your current protection system is working. I had IPROT installed prior to Frog and I was fuckin' shocked when I saw how many guys were getting past it and I had no idea what was going on. Frog gets a thumbs up from me

Lucky
[email protected]

Clarification
 

Phantom Frog has clients with multiple
sites on Linux clusters and with over
10,000 members. We have NEVER had
a performance complaint! Also, Frog's
protection covers the entire server.

Regarding reviews, I'm going to let our
clients' comments here speak for themselves.
Since we have a Trial Version which is Free,
the only risk you take is finding a better
solution. And that Trial can be run in
parallel with any other protection system
out there so you get a true side by
side comparison. You don't have to
speculate about Frog when you can try
it for Free. I don't see ANY other company
making that offer.

Please feel free to learn more at: http://www.phantomfrog.com/g
or contact me with any questions.

Hmmm, used strongbox in the past but gonna have to take a look at your system PhantomFrog..sounds advanced over the others

matty,

I wonder if you could take a moment and tell me more
about why you like Phantom Frog better than Strongbox.
We have some great new features for Strongbox 4.0, such
as some basic biometric checks to consider the actual
human being who is trying to log in rather just looking
at the IP as Phantom Frog does. Also we'll show the system
fingerprint in the reports so the webmaster can visibly
see the different computers people use. These two features
of course make Strongbox far more secure than Phantom
Frog, which is automatically bypassed by all of the password
sites that link through proxies, but we'd like to know
what other improvements you think could be made.

We may start letting people know that our systems do
give you the option of automatically re-issuing new passwords
to people who share them like Phantom Frog does by default,
but to me that seems like such a bad idea that I really don't
want to encourage webmasters to do that. From a security
perspective that just seems insane to me, that when you catch
someone stealing from you you would hand them a new key,
but at least our system does it in a controlled way rather than
continuing to give them an unlimited number of new passwords
every time they post one.

Anyway really I'd like to have a two way conversation with you
aand really find oput more about what you think. Can I call you
some time? Perhaps there is a good time to reach you on ICQ?
I'm still at 979-530-1300 and answer 24/7 as always.

Matty, I posted half way through my message.

Anyway really I'd like to have a two way conversation with you
aand really find oput more about what you think. Can I call you
some time? Perhaps there is a good time to reach you on ICQ?
I'm still at 979-530-1300 and answer 24/7 as always.

Darn slow GFY made me repeat.

forget everything and run proxypass

weve tried pennywize brrrrrr never again just go for pp

we have been running proxypass for a while and have had no problems with it. We love it!

Dave G

Ray,

Concerning the Automated Member Support (AMS),
the ultimate judges of whether this feature is a
weakness or strength is our clients.

Frog has an extensive list of extremely satisfied
webmasters, some of whom have been relying on
this exact feature for four years and counting. As
you can see from Roy's testimonial above, they
credit this AMS feature with making Frog completely
self-supportive and not requiring any intervention
on their part to deal with password management
issues. A casual scan of our webmaster testimonials
page will also bear this out.

Our contention is that a valid paying member should
NEVER be blocked from accessing a members area for
ANY amount of time because a hacker compromised
their password. To compound the problem, it could
occur when a webmaster is sleeping or away. AMS
works 24/7 to ensure that the member has uninterrupted
access to a site and hackers have none. This minimizes
damage control and cancellations that would be risked
from a member being blocked out.

Experience speaks for itself and its hard to detract
from four years of experience from a multitude of
webmaster clients.

Sorry, I meant to refer to Lucky's
testimonials above regarding Automated
Member Support and how much he relies
on it.

proxypass is the best program i have used

gmr324,
I think we agree on most of what you just said, which sounds a lot like what
I posted. As I said, people seem to like the fact the Frog issues new passwords
to people who give them out or have them compromised, so I may make that
option visible in Strongbox. Of course you don't want to block legitimate
members. We just differ on our approach to to avoiding locking out legitimate
users. Our approach is to do two things differently than you. First, we
consider the many different factors rather than just relying on the one
thing, so we start out by blocking fewer people in the first place. More to
the point, we help webmasters set up strong passwords that won't be
compromised, so any passwords that get out were almost certainly given out
by the "members". On the other hand, your approach, which some
webmasters seem to like, is to never lock them out, whether they are posting
their passwords or not, they just keep getting new ones. Yeah, I think that's
nuts, but as I said it's the webmasters choice. Even if some webmasters
prefer to give away access rather than do any customer service, I still think
that's nuts.

Now the choice is I can either encourage webmasters to do something which
I think is nuts by making that the default, as you do, I can thoroughly
discourage it by not even setting up the option by default, or I can set the
option up, have it turned off by default, but make it easy for webmasters
to turn on. That may be what I'll do, or perhaps I'll make it an option on
the order form.

The price should make a lot of people choose strongbox..

$60 a month for 1 site with Frog
or
$150 one time fee for Strongbox


However the way you have to code your urls kinda sucks and
screws with my php i believe.

Three points about this:

(1)
True customer service should mean providing
24/7 uninterrupted access to a paying member.
Passwords and members can be blocked at random
hours totally unrelated to a webmaster's schedule.
I wouldn't continue paying for a membership
where I didn't have predictable constant access,
would you?

(2)
Once again, four plus years of experience with AMS
bears out the fact overwhemingly that the highest
percentage of pass trading can be attributed to
hackers and not members. So, any system should
address the most frequently occurring problem.

This experience has also shown that the vast
majority of legit members who have been issued
a new password by our AMS stop sharing passwords
when confronted with the hard evidence. This had
held true over the past four years that we've tracked
it through feedback from our webmaster clients.

If a member were to trade their password with a friend,
Frog's Geo-IP Tracking would detect even such low
profile abuse and block it. It wouldn't take exchanging
many dead passwords like this for these friends to
discontinue the practice.

(3)
If members are guilty of trading passwords with their
friends, what would prevent them trading or circulating
a password that is manually issued to them by a
webmaster? Either way, (manual or AMS) they've been
handed a password that can be tracked for abuse
and confronted. So, why waste valuable webmaster's
time unnecessarily?

====================

[quote]The price should make a lot of people choose
strongbox..
$60 a month for 1 site with Frog
or
$150 one time fee for Strongbox[quote]

Correction:
Frog's price range from $15 - $60 per month depending
on the mix of features you select. We have some
very seasoned webmasters as clients who have done
the math. They know what their time is worth and
choose not to have hours of their time consumed
doing repetitive tasks that can be handled by software.
That time is better spent expanding their business.
That is not even counting the revenue lost from
frustrated members who cancel their subscription
because they are blocked out. They may also infer
that you can't protect their credit card info if you
can't even protect their password from hackers.
Perception is reality.

Here's a quote from our client Lucky (which you can
see as a reply above) that support these claims:

"No more sitting at my 'puter in the mornings to see if my
site's been hacked, ...your members (should they need to)
can retrieve their own new password from the system
without bothering the webmaster."

Here's another relevant quote from our testimonials page:

"We also love that our members can get their passwords
by themselves. It save us a ton of work"

As usual, thanks for the lively exchange Ray!

BTW gmr324, if I forget to contact you guys next week remind me.
I'm putting you in my will. Seriously. We have some new technology
that you guys could put to good use if myn own employees choose not
to continue the business.

Absolutely. We just have different ways of addressing that problem.
You guys address that problem by assuming that it's always hackers
and a "member", who may have signed up with a stolen credit card
just for the purpose of getting a pass to share, is always innocent, so you
keep giving him new passwords and if he keeps sharing them oh well.
That may even be a somewhat reasonable approach if you don't
have the capability to do what we do. Our approach, in the recommended
configuration, is to simply eliminate the problem of crackers getting
passwords in the first place. Once we've essentially eliminated the
ability of a cracker to get a password, we know that any passwords
that get out were probably shared by the "member".

I wouldn't give out my password, so it wouldn't be an issue if the site used
Strongbox in the recommended configuration. I certainly wouldn't expect
to have predicatble constant access if I kept giving out my passwords to
10,000 of my closest friends.



Why would they care if they accidently got one blocked?
By the time they know it's blocked they already have a fresh
new one in their inbox, courtesy of Frog.


The webmaster can make intelligent decisions about who to issue new
passwords to. For example, most webmasters won't give a new guy from
Russia six new passwords in his first six days. They'll see what's going on
and tell the guy to either keep his password to himself or go elsewhere.

each subscription is for 1 site or for 3? As somewhere on the page it says
3 domains per subscription

I have been running paysites since 2000, i now have 4 total paysites, I have NEVER had a member cancel their membership because their password was blocked and they had to wait a few hours to get a new one

let me add also, I HATE services like this that make it a monthly fee

i want a base price, one time, that I pay....I even don't mind paying $10-20 for an update...but I hate monthly fees for this type of shit

The subscription price is for UP TO 3 domains
Beyond that, we provide individual quotes
Running the Trial Version of Frog which demos
High-Resolution Geo-IP Tracking is totally Free.

Ray, Frog does not judge or care whether a pass
has been abused by a hacker or a legit member or
fraudulent member. The abuse is pinpointed whether
its just 2 close friends sharing a pass or an
entire forum of malicious pass leechers sharing
passes by Frog's High-Resolution Geo-IP Tracking.

Ray, quite to the contrary. Frog's AMS system
maintains stats on the number of times a fresh pass
has been re-issued to a given member. Obviously,
the member is flagged for sharing if the pass is
replaced more than once. In Frog's admin control
panel, the webmaster has full insight into each
member's activity patterns. So, you can have both
AMS and intelligent pass management. Once again,
the proper blend of delegating mundane tasks to
software while providing the webmaster with the
appropriate level of control.

Consider yourself fortunate because this does
not reflect the experience of the majority
of webmasters and certainly not our clients.
Many of Frog's clients have been in the business
since at least 2000 as well running in some
cases up to 30 sites. They HAVE LOST REVENUE
from cancellations as a direct result of members
being blocked out.

Each webmaster has to evaluate what your time is
worth. Would you rather spend time dealing with
password abuse issues, or spend time developing
content or doing marketing? Dealing with password
abuse issues is work that has to be paid for
every month either in employee labor costs or
consuming your own time. That being said, every
webmaster has their own preferences on how to
deal with password management.

well.........?

with strongboxxx I just don't deal with what you are talking about here...I am a one man operation and I NEVER have to even log into strongbox, it does everything perfectly

in fact, there is a group of us with about 40 paysites in total and strongbox run flawlessly on all of them and none of us ever have to do anything like you are referring to

on a side note, why is it when you and
ray type it leaves the message like
this and not the full width of the
posting area? I have seen this happen
on a lot of people on the boards and
can't quite seem to figure out what
system you are running to make posts
appear like this and not fully acrosss
the posting area....LOL

"strong passwords" you mean like the single click option in CCbill to create random alphanumeric with special charactors?
Now I think StrongBox is ok, I know lots that use it trouble free, I just dont think stronger passwords is really a marketing feature.


LOL, can you REALLY picture one of these password sharers sitting at his computer all day long giving out the new pass as it comes to his email... Hell no. Maybe 3-4 times at most.
How many users would StrongBox let in befor killing it? I never did find an answer to that question when I was looking.

Some guy sharring a pass with a few of his buddies... that will happen regardless of what protection you use. But I know if I was sharing with a couple buddies they would get access once, but then it would be a pain in the ass for me to keep updating them with the password. That might cause one of them to maybe sign up if they didnt get their fix the first time...

So how do you pay for you server? ;) I do see your point that your trying to make though.
But 150 one time fee, per protected area.
3 paysites, each site with 6 zipsets. With Strong box that would be a one time fee of 3150 or jsut over 3 years worth of these montly fees.
But then you run into the problem of setting up strongbox with zip sets. Now sure zipsets are mostly limited to nn/topless sites, but guess what, thats what I run.




With all this said, I still have really picked what one I will be using, but Frog is definatly winning.

problem of setting up strongbox with zip sets? I have all my content in my members area zipped up for download and no one has issues with it

is there something I don't know?

I dont think you understand what I mean by zip sets.

http://www.spunkyzips.com/

They are zipped sets that generally show more then what is in the general site. They are their own little members area, normally access is for 4-5 days non recurring. They download the zip, they unzip, and then wack off.

yes, you dont know what a "zipset" is as far as what jefferey's saying...


example of "zipsets"

http://www.katesplayground.com/tour2/store.php

i've ran both of these password protection scripts, and there is good/bad to each of them

does a member being "locked out" lead to cancelled memberships? YES, very much so!! i have LOTS of proof of that

one issue with strongbox was that it temporarily blocks users "sharing" passwords...it has a 're-enable' function, but even if you re-enable the IP itself is usually blocked as well..

it was very frustrating for members to email me they've been locked out (most often just because of the number of logins per day they do, or entering a wrong password or captcha image word), and i "re-enable" the username, only to have them email me they still cant get in...strongbox has no way for the webmaster to over-ride its block of users

Strongbox is the way to go.

AH, ok, i remember seeing this a few years back, totally forgot about this membership model ;)

I use ProxyPass, and they work great. The couple times I did have issues these guys busted their asses to fix things up right.

Of course the drawback is the monthly fee sucks.. I hate recurring.. and thinking of it I guess it's just payback for charging all our surfers the same way lol.


My suggestions for Proxypass though is get some kind of auto password deal like the new guys have, sounds like a nice feature, that's the only thing I ever have to deal with.. but then again at the same time what if it turns out he's just a theiving user, don't want him having the pass again!

I already kinda comented on this.
If the pass only works for ONE geo ip, then if he shares it only ONE person is going to get in.
Proxypass 5-7 users would get in.
I really doubt someone sharing would sit their waiting for the email to come and then share it again, then wait for the email, then share it again.... it would be a full time job, they would do it once or twice then say fuck it.
If proxypass auto sent an email, then 20-30 users would get in befor he would say fuck it, and even then if it takes a good while to get to that point he might keep putting the new one up, but for single try to share a new pass, I doubt he would keep that up for long.

True, but I guess then PhantomFrog would only be as good as the geo database it uses, and it's not like I'm getting killed on password shares, so I'm a bit hesitent to go play with a new program when we are talking about a live site with 1000's of members.

People have said 20%+ savings in bandwidth going to programs that protect better then their last one.

Some big sites have went to PhantomFrog too, I believe CamWithHer went to frog a couple weeks ago.

Couple of Clarifications about Frog
 

I just wanted to clarify this misconception that Frog's
Automated Member Support can be a "revolving door" of
fresh passwords. Frog's AMS system maintains stats
on the number of times a fresh pass has been re-issued
to a given member. So, even a valid paying member would
be flagged for sharing if AMS replaces the password more
than once. The webmaster gets email AND can see this
data in his Frog account. So, even low-profile abuse
between buddies is pinpointed and the cycle of abuse
is terminated!


The Phantom Frog system has been released and
stable for over four years now. In fact, we have many
clients that have been with us over that four-year
period and counting. Also, we have cash programs that
use Frog which include over 30 live sites and
more than 10,000 members. Another one is signing
up with us that has over 30,000 members! There is
no hesitation in their decision to take advantage of
Frog's superior Geo-IP Tracking and AMS.

Just want to clear up the "new program/new guy"
misconception. Appreciate the kind comment about
Automated Member Support though.

Felix, your input here is much appreciated. As I'm
sure you realize, but others may not, Frog's control
panel will allow a webmaster to selectively place
members on ignore status. This means their accounts
are being monitored but no action is taken. Or you
can unblock their account selectively.

The geo database is the same one relied upon and
used by and good enough for such corporations as
EBay, Walmart, Morgan Stanley, IBM, and Warner Bros.

Most of our clients who were using ProxyPass and
Pennywize made exactly that same comment. They
were totally unaware how much password
abuse was "flying under the radar" of those systems
until they installed the Free Trial of Frog.

ProxyPass (and Pennywize) employs a primitive IP
counting technology which decides whether abuse
occurred based upon a certain threshold number of
different IPs sharing the same password. This
actually helps hackers rather than hinders them
since they get X number of password guesses for
each of the thousands of open proxies they use in
their brute force dictionary attacks!!! Hackers
are very aware of this and actuallty use it to their
advantage.

This is analagous to telling your alarm system to
"tolerate" 5 burglar entries into your home before
triggerring. Your alarm system hardly ever goes off.
You wouldn't even realize you were being stolen from
until one day you took an inventory.

Let us help you "take an inventory" by installing the
Frog Trial. You don't have to disable ProxyPass or
Pennywize so its like getting a Free live side-by-side
comparison.

Here's just some of the relevant comments from our
clients' testimonials page:

"I just wanted to let you know in spite of my constant
vigil and my obesssion with bandwidth figures the Frog
is such a quantum leap above Proxy Pass it isn't funny.

"Hi Phantom Frog,
One thing I can say is that I was using Pennywize and
then Proxypass and I seem to be catching more people
with your system."

To start a Free Trial: http://phantomfrog.com/g?ft=1

In Frog are you able to set how many passes it will send a member? Before it sends them a email letting them know please contact support to have a password issued?

I happen to agree with this. When a password is compromised, a new one should automatically be e-mailed out, or txt/sms'd out to the user, explaining that his/her password has been compromised & has been changed.

An hour of account deactivation on a (dating site) in my experience = a chargeback.

Next question is...when do you guys plan on implementing a cell phone txt messaging system, or instant messaging (icq/aim/yahoo/msn) for members to receive new passes, now that e-mail is slowly but surely dying out?