Quote:
Originally posted by chupacabra
alibaba, if you are using a third-party processor like iBill, ccBill, etc., they most likely are not adding the password pairs through any security hole in your server, much more likely that they are being added through a weakness or exploit in the scripts of your processor... we use ccBill, and occasionally will see 'rogue' password pairs appear out of nowhere like this... if using ccBill, check the ccBill logs in your /secure directory, you will see that the password pairs in question were in fact added by the processor's script somehow, and will usually even have a subscription ID number associated w/ them that is bogus... I've spoken to ccBill at length about this issue in the past, and some of the higher techs there have acknowledged that the system has been compromised on occasion, and it is to be expected w/ such a far-flung processor... many undesirables are probably plugging away at this very moment looking for a hole. they always get them plugged quickly it seems, and I just delete the errant password pairs when they arrive. a real point of interest to me is that most of the pairs that appear unexpectedly never show any usage in my pw sentry logs, which has always baffled me... happy halloween all you freaks..!
Actually I'm not using CCBill on my sites. I use IBill, Epoch and MSBill. I'm checking the referer in the script to see if it's referred by the processor's server. So technically there is no way to do that. But somehow some freaks find a way. My password sentry deletes these passwords when they are shared. But generally they don't share them, probably using them for their own use. In any case, I see a hit a day in my stats. Not actual usage, just a hit to the members area. This makes me think that a robot checks the password in case it's still valid. This really looks pro, not lame work.
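The reconciliation both posts describe, as an added example that is not part of the original thread: list password-file accounts the processor has no subscription for, then check whether each one shows the "one hit a day to the members area" pattern. The sample data, the `/members/` prefix, the log layout and the idea of an exported active-subscriber list are all assumptions made for the illustration.

```python
import re
from collections import defaultdict

# Constructed sample data (not taken from the thread).
HTPASSWD = """\
alice:$apr1$constructed$hash1
bob:$apr1$constructed$hash2
zx81q:$apr1$constructed$hash3
"""
# Assumed export of usernames the processor reports as active subscriptions.
PROCESSOR_ACTIVE = {"alice", "bob"}
ACCESS_LOG = """\
203.0.113.7 - alice [30/Oct/2003:10:00:01 +0000] "GET /members/ HTTP/1.0" 200 512
203.0.113.7 - alice [30/Oct/2003:10:00:09 +0000] "GET /members/a.jpg HTTP/1.0" 200 900
198.51.100.4 - zx81q [30/Oct/2003:03:14:00 +0000] "GET /members/ HTTP/1.0" 200 512
198.51.100.9 - zx81q [31/Oct/2003:03:14:02 +0000] "GET /members/ HTTP/1.0" 200 512
"""
# Fields captured: client IP, authenticated user, date (day only), method, path.
LOG_RE = re.compile(r'^(\S+) \S+ (\S+) \[(\d+/\w+/\d+):[^\]]+\] "(\S+) (\S+)')

def htpasswd_users(text):
    """Usernames present in the password file."""
    return {line.split(":", 1)[0] for line in text.splitlines() if ":" in line}

def rogue_users(htpasswd_text, active):
    """Accounts in the password file with no matching subscription."""
    return htpasswd_users(htpasswd_text) - set(active)

def daily_hits(log_text, prefix="/members/"):
    """Map user -> day -> number of authenticated requests under prefix."""
    hits = defaultdict(lambda: defaultdict(int))
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if m and m.group(2) != "-" and m.group(5).startswith(prefix):
            hits[m.group(2)][m.group(3)] += 1
    return hits

def report(htpasswd_text, active, log_text):
    """For each rogue account, show per-day hits and flag the check-in pattern."""
    hits = daily_hits(log_text)
    out = {}
    for user in sorted(rogue_users(htpasswd_text, active)):
        per_day = dict(hits.get(user, {}))
        # Seen on at least one day, but never more than one request per day.
        probe_like = bool(per_day) and max(per_day.values()) <= 1
        out[user] = {"per_day": per_day, "probe_like": probe_like}
    return out

if __name__ == "__main__":
    for user, info in report(HTPASSWD, PROCESSOR_ACTIVE, ACCESS_LOG).items():
        print(user, info)
```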