724 login attempts from 125 IP ranges in 30 countries - GoFuckYourself.com

Bama · 07-04-2008, 06:38 PM

Yeah Strongbox

Not 1 made it in

Evil E · 07-04-2008, 07:07 PM

Question for you: If one of the attempts was successful, wouldn't you not know about it?

Zuzana Designs · 07-04-2008, 07:09 PM

WOOT WOOT strong box

ladida · 07-04-2008, 07:29 PM

Quote:

Originally Posted by Evil E

Question for you: If one of the attempts was successful, wouldn't you not know about it?

:P

d-null · 07-04-2008, 09:47 PM

someone shared a password?

pr0 · 07-04-2008, 10:25 PM

Quote:

Originally Posted by jetjet

someone shared a password?

na, it was probably a simple program with proxies used to find weak passes

Socks · 07-04-2008, 10:28 PM

Quote:

Originally Posted by pr0

na, it was probably a simple program with proxies used to find weak passes

If it was, 724 attempts is pretty pathetic. :P

Iron Fist · 07-04-2008, 11:47 PM

Quote:

Originally Posted by Evil E

Question for you: If one of the attempts was successful, wouldn't you not know about it?

Welp -- check the torrent sites for those site rips

ultimatebbwdotcom · 07-04-2008, 11:50 PM

RUP's are a mostly what stops BF

k0nr4d · 07-04-2008, 11:57 PM

I remember once when I worked for a sponsor and we had someone trying to bruteforce a site, i set the invalid login page to a jpg file that causes internet explorer to use a shitload of ram. I guess whatever program he was using was using internet explorer in some way, because it stopped almost instantly after.

Bama · 07-05-2008, 12:10 AM

Quote:

Originally Posted by Evil E

Question for you: If one of the attempts was successful, wouldn't you not know about it?

Actually, yes, I would

Evil E · 07-05-2008, 12:18 AM

Quote:

Originally Posted by Bama

Actually, yes, I would

I'm just curious as I don't know that software inside out...

If the bad guy is using a new proxy(new ip address) and is able to login in 1 attempt, how can you know that has malicious intent and is a bad guy?

Of course in your logs you'll see all the ips that did connect successfully, but you probably can't identify him.

Now if you're getting hammered by dictionnary attacks or brute force even if the guy is using a proxy list... of course it's gonna figure it out...

Jens Van Assterdam · 07-05-2008, 02:57 AM

Those strongbox captcha´s are crackable by school girls..
All it takes is a good wordlist..

Bama · 07-05-2008, 12:39 PM

Quote:

Originally Posted by Jens Van Assterdam

Those strongbox captcha´s are crackable by school girls..All it takes is a good wordlist..

And yet it works so well...

payd2purv · 07-05-2008, 12:42 PM

Captcha hacks don't work off wordlists you fuckin newb.

and if your password/username can be cracked by a wordlist you need to stop having control over ANYTHING that requires a login..

cause yer an idiot.

Socks · 07-05-2008, 12:50 PM

From: http://cxliv.org/2006/04/05/password_cracking_speed.php

Using this as our guideline, a 6 character password using the 62 characters possible from upper- and lower-case letters and numbers will produce 57 billion possibilities, and according to this site, Class D hardware can exhaust every such possibility in just 1.5 hours. That's not long. Add common symbols to that mix (increasing the possible characters to 96) and you increase the combinations to 782 billion (for the same 6-character length), meaning the same hardware will take slightly longer to go through all iterations: 22 hours.

Increasing the length of your password makes it more difficult - an 8 character password drawn from the pool of 62 possible characters (letters and numbers) means that there are 218 trillion possibilities, which would require the same hardware a whopping 253 days to process. Meanwhile, using the 96 possible characters that include common symbols would take 23 years on that same hardware!

ultimatebbwdotcom · 07-05-2008, 01:35 PM

Takes a whole lot longer when it has to work out the user and the pass, i think the example there is username known, password not.

Due · 07-05-2008, 02:14 PM

Quote:

Originally Posted by ultimatebbwdotcom

Takes a whole lot longer when it has to work out the user and the pass, i think the example there is username known, password not.

You just need to crack the "username"
http://www.threadwatch.org/node/14095
In PC Magazine's upcoming May 8th issue they list the 10 most commonly used passwords online - if you are using any of these please turn off your computer immediately, go take a nap and then download this add-on for FireFox

1. password
2. 123456
3. qwerty
4. abc123
5. letmein
6. monkey
7. myspace1
8. password1
9. blink182
10. (your first name)

Jens Van Assterdam · 07-05-2008, 02:39 PM

Quote:

Originally Posted by payd2purv

Captcha hacks don't work off wordlists you fuckin newb.

Like you had a clue..
On Strongbox they work like this.. Google -> Caecus...

ultimatebbwdotcom · 07-05-2008, 07:13 PM

Quote:

Originally Posted by Due

You just need to crack the "username"
http://www.threadwatch.org/node/14095

sure, but who in adult lets a person choose their own user/pass nowadays...dont tell me I'm sure way too many do.

07-04-2008, 06:38 PM	#1
Bama Confirmed User Join Date: Nov 2001 Location: Redmond, WA Posts: 2,727	724 login attempts from 125 IP ranges in 30 countries Yeah Strongbox Not 1 made it in

07-04-2008, 07:07 PM	#2
Evil E Confirmed User Join Date: Apr 2005 Location: Lazyness is a lifestyle Posts: 3,201	Question for you: If one of the attempts was successful, wouldn't you not know about it? __________________ A girl once told me "Give me 8 inches and make it HURT". So, I fucked her twice and hit her with a brick.

07-04-2008, 07:09 PM	#3
Zuzana Designs All Your Design Needs Industry Role: Join Date: Feb 2005 Location: [email protected] Posts: 20,852	WOOT WOOT strong box __________________ Website Design - Consulting - Development sarah [at] zuzanadesigns.com - See Our Work

07-04-2008, 09:47 PM	#5
d-null . . . Industry Role: Join Date: Apr 2007 Location: NY Posts: 13,724	someone shared a password? __________________ __________________ Looking for a custom TUBE SCRIPT that supports massive traffic, load balancing, billing support, and h264 encoding? Hit up Konrad! Looking for designs for your websites or custom tubesite design? Hit up Zuzana Designs Check out the #1 WordPress SEO Plugin: CyberSEO Suite

07-04-2008, 11:50 PM	#9
ultimatebbwdotcom Confirmed User Join Date: Mar 2006 Posts: 591	RUP's are a mostly what stops BF __________________ Ultimatebbw.com Dangerouscurvesdesign.com

07-04-2008, 11:57 PM	#10
k0nr4d Confirmed User Industry Role: Join Date: Aug 2006 Location: Poland Posts: 9,229	I remember once when I worked for a sponsor and we had someone trying to bruteforce a site, i set the invalid login page to a jpg file that causes internet explorer to use a shitload of ram. I guess whatever program he was using was using internet explorer in some way, because it stopped almost instantly after. __________________ Mechanical Bunny Media Mechbunny Tube Script \| Mechbunny Webcam Aggregator Script \| Custom Web Development

07-05-2008, 02:57 AM	#13
Jens Van Assterdam The Dupre Pimp Join Date: Feb 2008 Location: Koh Samui Posts: 6,677	Those strongbox captcha´s are crackable by school girls.. All it takes is a good wordlist.. __________________ Read TOS for signature rules

07-05-2008, 12:42 PM	#15
payd2purv Too lazy to set a custom title Join Date: Jan 2008 Location: Toronto Posts: 2,727	Captcha hacks don't work off wordlists you fuckin newb. and if your password/username can be cracked by a wordlist you need to stop having control over ANYTHING that requires a login.. cause yer an idiot. __________________

07-05-2008, 12:50 PM	#16
Socks Confirmed User Industry Role: Join Date: May 2002 Location: Toronto Posts: 8,475	From: http://cxliv.org/2006/04/05/password_cracking_speed.php Using this as our guideline, a 6 character password using the 62 characters possible from upper- and lower-case letters and numbers will produce 57 billion possibilities, and according to this site, Class D hardware can exhaust every such possibility in just 1.5 hours. That's not long. Add common symbols to that mix (increasing the possible characters to 96) and you increase the combinations to 782 billion (for the same 6-character length), meaning the same hardware will take slightly longer to go through all iterations: 22 hours. Increasing the length of your password makes it more difficult - an 8 character password drawn from the pool of 62 possible characters (letters and numbers) means that there are 218 trillion possibilities, which would require the same hardware a whopping 253 days to process. Meanwhile, using the 96 possible characters that include common symbols would take 23 years on that same hardware!

07-05-2008, 01:35 PM	#17
ultimatebbwdotcom Confirmed User Join Date: Mar 2006 Posts: 591	Takes a whole lot longer when it has to work out the user and the pass, i think the example there is username known, password not. __________________ Ultimatebbw.com Dangerouscurvesdesign.com