Old 11-11-2004, 02:09 AM   #1
gazool
SITE OWNERS (ccbill) attention!

Have you experienced "attacks" on your servers with 400+ password combinations... and the first or at least one of the first attempts is going through?

I'm talking about someone sitting on a lot of correct passwords, who is just hitting sites to see if they are valid still...
Old 11-11-2004, 03:22 AM   #2
Project-Shadow
If someone is hitting you and getting a tonne of correct hits, I'd check your server logs... someone might have found out where you keep your htpasswd and CCBill CGIs.
Old 11-11-2004, 03:32 AM   #3
SpaceAce
Quote:
Originally posted by gazool
Have you experienced "attacks" on your servers with 400+ password combinations... and the first or at least one of the first attempts is going through?

I'm talking about someone sitting on a lot of correct passwords, who is just hitting sites to see if they are valid still...
Are you saying that someone will brute your members area and out of 400 or so hits, at least one usually works? Is it always one of the first few?

Sounds to me like someone just has a really good combo list. Many people (especially trial abusers, I think) use the same username and password combination everywhere so if you compromise a couple of CCBill sites OR if you just collect valid username/password combinations from password boards and IRC, you can build a combo list that can get you into a lot of the major sites.

SpaceAce
Old 11-11-2004, 04:26 AM   #4
sweandy
Pennywize
Old 11-11-2004, 05:41 AM   #5
gazool
Thanks guys...

This is not the case on my own sites... (I do use Pennywize)
This is the case on another non-enclosed site...
The reason I'm asking is to see if this is more of a global problem, which means that the passwords are coming from somewhere higher in the system than the member-server...

As to the Pennywize comment...
Isn't it only if there are several unsuccessful logins from the same IP that it will be blocked?

I'm talking about someone hitting the nail almost every time...

There is no trial option and the passwords are strong...

I'm leaning more towards Project-Shadow - but I don't know...
Old 11-11-2004, 05:50 AM   #6
William-Xfactor
If they are getting stacks of working combinations, they either found and decrypted the site's password file or one of a similar site.
Old 11-11-2004, 06:02 AM   #7
svenski
Verotel scripts can be a problem, as can sites with the older "standard" CCBill install.


It might be nothing to do with a CCBill script, might be another vulnerable script on the server.

As for passwords, there are files with hundreds of thousands of combinations to download and hurl at a site.

If you use Pennywize it will at least help a bit as the 'hurler' will need to have quite a lot of unique IPs to switch between to keep firing the username/password combos at your site.
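One way to run the server-log check suggested in this thread, as an added example that is not part of any poster's message or of any tool named here: it flags a source IP that logs in successfully as many different members, the pattern a per-IP failed-login limit does not catch. It assumes Apache common/combined access logs with HTTP Basic auth (the username in the third field, 401 on failure); the threshold, function names and sample log lines are constructed for illustration.

```python
import re
from collections import defaultdict

# Apache common/combined prefix: ip ident user [time] "request" status ...
LINE = re.compile(r'^(\S+) \S+ (\S+) \[[^\]]+\] "[^"]*" (\d{3}) ')

def find_checkers(lines, max_accounts_per_ip=3):
    """Return {ip: {"ok": users, "failed": users}} for every IP that
    authenticated as more distinct usernames than one member plausibly owns.
    max_accounts_per_ip is an assumed threshold; tune it to your traffic."""
    ok, failed = defaultdict(set), defaultdict(set)
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue
        ip, user, status = m.groups()
        if user == "-":                      # request carried no credentials
            continue
        if status == "401":                  # wrong password or unknown user
            failed[ip].add(user)
        elif status.startswith(("2", "3")):  # credentials were accepted
            ok[ip].add(user)
    return {ip: {"ok": users, "failed": failed.get(ip, set())}
            for ip, users in ok.items() if len(users) > max_accounts_per_ip}

def accounts_to_reset(flagged):
    """Usernames a flagged IP logged in with: treat these passwords as leaked."""
    return sorted(set().union(*(v["ok"] for v in flagged.values())))

def _hit(ip, user, status):
    # Builds one constructed sample log line (not taken from a real server).
    return (f'{ip} - {user} [11/Nov/2004:02:09:00 +0100] '
            f'"GET /members/ HTTP/1.1" {status} 512')

SAMPLE = (
    # One source, five different members accepted, a single failure.
    [_hit("203.0.113.7", u, 200) for u in ("anna", "bjorn", "carl", "dina", "erik")]
    + [_hit("203.0.113.7", "frida", 401)]
    # Classic guessing against one account: all failures, nothing accepted.
    + [_hit("198.51.100.20", "anna", 401)] * 30
    # An ordinary member browsing with one account.
    + [_hit("192.0.2.10", "gustav", 200)] * 12
)

if __name__ == "__main__":
    flagged = find_checkers(SAMPLE)
    for ip, seen in flagged.items():
        print(ip, "accepted:", sorted(seen["ok"]), "rejected:", sorted(seen["failed"]))
    print("reset:", accounts_to_reset(flagged))
```

The usernames it reports are the accounts whose passwords need resetting, and their spread across sites helps answer whether the leak sits on one member server or somewhere shared.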