Site owners - When do you terminate a member who you think is password sharing?

Collapse
X
 
  • Time
  • Show
Clear All
new posts
  • ER!C L!VE
    Confirmed User
    • Feb 2005
    • 724

    #1

    Site owners - When do you terminate a member who you think is password sharing?

    When you think someone has shared a password, do you email the person first and ask about the issue or do you just terminate him/her? I have strongbox and I can tell when a member has many different IPs have accessed the site. Some I have let slid, others I have flat out terminated. It depends on how I'm feeling that day. However, I really don't want to lose their business as these people could keep rebilling for 6 months as far as I know. Also, I know many of these people use the same login info on multiple sites, so haxorz can access sites using their info without the member knowing. So, what to do?

    Thanks in advance!

    Eric
    www.BackroomCastingCouch.com
    www.ExploitedCollegeGirls.com
    www.FCUKCash.com
  • Pete-KT
    Workin With The Devil
    • Oct 2004
    • 51532

    #2
    I let proxxypass block them for 10 days, if they email me and ask why they can't access we tell them why and ask them to change there un and pw, if it gets hacked again after then we know there sharing and leave them blocked

    Comment

    • suesheboy
      Confirmed User
      • Nov 2002
      • 5211

      #3
      How many IPS per day - per week?
      Adult Web Site Domain Names For Sale
      Adult Sex Toy Domain Names For Sale
      Tantric Delights, Sex Toys Blog, Tantric Sex Toys

      Comment

      • bopha
        Confirmed User
        • Sep 2002
        • 1882

        #4
        We use software to handle that as well.

        Comment

        • ER!C L!VE
          Confirmed User
          • Feb 2005
          • 724

          #5
          Cool. Thanks. I'll let them know they need to change their username and password and keep an eye on them after that. It varies on the ISPs.. 3-10 in a week or day.

          What about the issue of charge backs? Do you refund or have you not had a chargeback issue with password sharing people?
          www.BackroomCastingCouch.com
          www.ExploitedCollegeGirls.com
          www.FCUKCash.com

          Comment

          • CC
            Confirmed User
            • Feb 2001
            • 1690

            #6
            We just let iprotect do its job. If only a few people are sharing, it would still be worth it to me to keep getting the rebill.

            Comment

            • Barefootsies
              Choice is an Illusion
              • Feb 2005
              • 42635

              #7
              They are blocked as soon as they show up from different IP blocks. The system auto blocks them, and changes their password.

              If it happens again, they then have to call or write and ask, "what up" personally.
              Should You Email Your Members?

              Link1 | Link2 | Link3

              Enough Said.

              "Would you rather live like a king for a year or like a prince forever?"

              Comment

              • Ange
                Registered User
                • Jan 2006
                • 44

                #8
                I let proxypass block them too

                Comment

                • TeenCat
                  Too lazy to set a koala
                  • Jan 2007
                  • 16139

                  #9
                  proxypass, when 3ips are logged, block for 24hours, change pass to some d5FGfds1va6 and email to member, if it will continue do this three times and then say sorry to him cause his email or computer is hacked and that can be danger for your or your members security

                  6bot
                  / Coming again very soon!
                  Svit Zlin Radio 24/7!

                  Comment

                  • rvn
                    Confirmed User
                    • Sep 2006
                    • 176

                    #10
                    I think that banning paid members is a bad idea. First of all, the same person can log in from home, then from work, then from laptop via wi-fi. If you want, you can ban these members automatically. As a result, your site's reputation will fall down, and there will be someone why may post messages on various forums and blogs that you are scam. I think that notifying these members by email about changing and not sharing their passwords is the best solution.
                    These things are good

                    Comment

                    • Bansheelinks
                      Confirmed User
                      • Apr 2003
                      • 6023

                      #11
                      If they bandwidth-suck, its termination time.

                      And don't let them tell you, "I'll be baaack" or let them convince you that you have to "Come with me if you want to live."

                      Termination. T-1000 style.

                      Comment

                      • Shoehorn!
                        Die With Your Boots On
                        • Oct 2003
                        • 22872

                        #12
                        Originally posted by rvn
                        I think that banning paid members is a bad idea. First of all, the same person can log in from home, then from work, then from laptop via wi-fi.
                        This is very true. Just because they login from a few different IPs doesn't necessarily mean that they are sharing.

                        Comment

                        • cj_purve
                          Confirmed User
                          • Sep 2002
                          • 1065

                          #13
                          If it walks like a duck and talks like a duck its probably not a chicken ...

                          If someone is just logging in from multiple ip's the downloads should be random, sporadic and average ... if a password has been shared or hacked you'll notice different movement in that account. I'm not sure if pennywize is still available for lease but it has a download counter for each user/pass that shows you who has downloaded what. Its not hard to spot the cheats if you have the right data.

                          Comment

                          • GT-Omar
                            DM at Performive.com
                            • Aug 2006
                            • 2968

                            #14
                            bump for good topic!


                            Email me

                            Skype me

                            Comment

                            • TheDoc
                              Too lazy to set a custom title
                              • Jul 2001
                              • 13827

                              #15
                              I use strongbox.. I check my logins all the time. With password leaks I first make sure the account should still be active (that does happen). If it's a leak I change the password and email the member a simply email that says we changed the password, and here is the new login details.

                              If the account re-leaks (very low %) and the account is a fresh cancel, I kill the access. If it's an old account I select a new hard password, from here if a re-leak happens again I cancel and close the account.

                              I check all failed password logins, and email the member a notice on why they are having login problems. I email 80% to the 20% that ask for help.

                              From here I check every login that takes place, since I can see every country/ip, anyone that has more than 2 logins from a different country/isp/ip I email a new password.
                              ~TheDoc - ICQ7765825
                              It's all disambiguation

                              Comment

                              • hell
                                Registered User
                                • Feb 2003
                                • 75

                                #16
                                i just change the password to there street address on file if they think ya know where they live they aint likely to do any shit
                                email them with a nice email saying ya password was changed for security reasons blah blah
                                ........ FuCkEn DiE -I-

                                Comment

                                • ER!C L!VE
                                  Confirmed User
                                  • Feb 2005
                                  • 724

                                  #17
                                  Originally posted by hell
                                  i just change the password to there street address on file if they think ya know where they live they aint likely to do any shit
                                  email them with a nice email saying ya password was changed for security reasons blah blah
                                  lol that's (evil) genius!

                                  I have a new password for the members.
                                  www.BackroomCastingCouch.com
                                  www.ExploitedCollegeGirls.com
                                  www.FCUKCash.com

                                  Comment

                                  • RyuLion
                                    • Mar 2003
                                    • 32369

                                    #18
                                    You can spend a lot of time looking for password share'ers..
                                    They get a email after they get blocked to change it..after the third time and warnings..we ban them!

                                    Adult Biz Consultant A tech head since 1995
                                    Affiliate Support: Chaturbate | CCBill Live

                                    Comment

                                    • Kolargol
                                      Confirmed User
                                      • Mar 2003
                                      • 1319

                                      #19
                                      it depends on how much they downloaded, how different their IPs are and also if the customer is and old one and might come back or rebill.

                                      Comment

                                      • raymor
                                        Confirmed User
                                        • Oct 2002
                                        • 3745

                                        #20
                                        I'd re-enable the user can change the password only, not the user name, once
                                        and email them the new password, telling them to be sure to keep it safe.
                                        If the new password gets out on the password sites I'd probably cancel them.
                                        I might give them one more chance. If a total of three different passwords of
                                        theirs get out I'd figure they were giving it out and get rid of them.

                                        One thing to be aware of, though, is password file ripping. If a LOT of passwords
                                        get out at about the same time, a cracker probably found a hole in some PHP
                                        script and downloaded your whole password file. That happens a lot if you use
                                        the old DES encryption that was for so long the standard way to encrypt passwords.
                                        That's not the user's fault, of course. In that case I'd upgrade the encryption, which
                                        we can help you with, and assign new passwords to the affected users.

                                        Normally I wouldn't change someone's user name, only their password, so it's
                                        easy to see later if the same users password keeps getting out.
                                        For historical display only. This information is not current:
                                        support@bettercgi.com ICQ 7208627
                                        Strongbox - The next generation in site security
                                        Throttlebox - The next generation in bandwidth control
                                        Clonebox - Backup and disaster recovery on steroids

                                        Comment

                                        Working...