I'm far from an expert as I've had a few problems in this area myself, but I'd second the recommendation for YOU to change your password to your email. I might also recommend using Gmail or Hushmail and accessing both via https. Gmail defaults to non-https, so you'll have to type in the https to access it via SSL and remain on SSL. These systems will not only encrypt your username and password, but also everything you send--but only if you access them via https.
Email is two way, so even if your security is good, there could be an issue on the end of your new user. Similarly, you don't know if they have other security problems--the customer is the person you have no control over.
Your own security is another matter. Take a look at your home security. Make a strong wireless password if accessing via wireless, and consider VPN if using a connection in a hotel as many hotels use hubs not switches--they don't care about your security.
It's also probably time to change your password on your server's control panel as well as all the sites. Make sure your passwords are strong. Need help generating strong passwords? See https://www.grc.com/passwords.htm for a free password generator.
Make sure your password file is not web accessible. Obvious, but you'd be surprised.
Make sure your members' user names and passwords are strong. Probably not happening if your users are selecting their own.
99 times out of 100 if someone gets ahold of someone else's password it's because it was "given" to them, meaning the customer put it up at some password sharing board. I don't tell my customers that I have password protection scripts, so many don't think I'll catch them, while others will wait until near the end of their membership and then share it. I've given serious thought to hiring a collection agency to go after these customers for the extra bandwidth, but luckily my password protection script always catches this before long and cuts them off.
Also, why not block the IP? Of course he'll just find a way to access from another, but curious why you didn't try anyway.
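Added example, not part of the original post and not the poster's script (the post does not say how that script works): one common way to detect a shared member login is to flag any username that authenticates from more than a few distinct addresses inside a short window. It assumes an Apache-style access log with the HTTP auth user in the third field; the names `find_shared_accounts`, `max_ips` and `window`, the thresholds and the sample lines are all constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Apache common/combined log prefix: host ident authuser [time] "request" status
LOG_RE = re.compile(r'^(\S+) \S+ (\S+) \[([^\]]+)\] "[^"]*" (\d{3})')

def parse(line):
    """Return (user, ip, time) for an authenticated request, else None."""
    m = LOG_RE.match(line)
    # "-" means no login; on a 401 the name is only an unverified attempt.
    if not m or m.group(2) == "-" or m.group(4) == "401":
        return None
    ip, user, stamp, _ = m.groups()
    return user, ip, datetime.strptime(stamp, "%d/%b/%Y:%H:%M:%S %z")

def find_shared_accounts(lines, max_ips=3, window=timedelta(hours=1)):
    """Map users seen from more than max_ips addresses within window to those addresses."""
    events = defaultdict(list)
    for user, ip, when in filter(None, map(parse, lines)):
        events[user].append((when, ip))
    flagged = {}
    for user, seen in events.items():
        seen.sort()
        start = 0
        for end in range(len(seen)):
            while seen[end][0] - seen[start][0] > window:
                start += 1  # drop requests older than the window
            ips = {ip for _, ip in seen[start:end + 1]}
            if len(ips) > max_ips:
                flagged[user] = sorted(ips)
                break
    return flagged

# Constructed sample lines (documentation address ranges, made-up users).
SAMPLE = [
    '192.0.2.10 - alice [10/Oct/2023:09:00:00 +0000] "GET /members/ HTTP/1.1" 200 512',
    '192.0.2.11 - alice [11/Oct/2023:09:00:00 +0000] "GET /members/ HTTP/1.1" 200 512',
    '198.51.100.20 - alice [12/Oct/2023:09:00:00 +0000] "GET /members/ HTTP/1.1" 200 512',
    '203.0.113.5 - alice [13/Oct/2023:09:00:00 +0000] "GET /members/ HTTP/1.1" 200 512',
    '192.0.2.44 - bob [10/Oct/2023:10:00:00 +0000] "GET /members/ HTTP/1.1" 200 512',
    '198.51.100.7 - bob [10/Oct/2023:10:05:00 +0000] "GET /members/ HTTP/1.1" 200 512',
    '203.0.113.15 - bob [10/Oct/2023:10:12:00 +0000] "GET /members/ HTTP/1.1" 200 512',
    '203.0.113.80 - bob [10/Oct/2023:10:18:00 +0000] "GET /members/ HTTP/1.1" 200 512',
    '203.0.113.99 - bob [10/Oct/2023:10:20:00 +0000] "GET /members/ HTTP/1.1" 401 0',
    '192.0.2.200 - - [10/Oct/2023:10:21:00 +0000] "GET / HTTP/1.1" 200 512',
]

if __name__ == "__main__":
    print(find_shared_accounts(SAMPLE))
```

A member who moves between home, work and mobile addresses over several days stays under the threshold, so the window length matters as much as the address count when tuning for false positives.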