I fail to see how Pennywize is worth the supposed extra benefit you would gain from using it. Surely there are free, basic things you can do yourself to bring password traders to their knees.
Three free methods I use which I am happy to share are:
1. Have a form which prompts people for their username before they are taken to a page with a link to the htaccess-protected part of the site; this stops most brute force scripts dead.
2. Use simple cookies on the main members page which are required to see the page. More than one login from a single IP results in the cookie being invalidated.
A few lines of PHP and a MySQL database are all that are required for this.
3. Fairly obviously, keep all your scripts for username & password generation safe. Make sure proper file permissions are applied to these scripts and they are not stored in obvious places. If your processor (many do) lets you rename the add user CGI, then use a name which is difficult to guess.
These methods are free and have prevented my sites from being abused by password traders.
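
The cookie check from method 2, as an added example that is not the poster's code: Python with an in-memory SQLite table stands in for the PHP and MySQL the post mentions. The table layout, the function names and the reading of the rule (a further login from an IP that already holds a cookie invalidates the earlier cookie) are assumptions.

```python
import hashlib
import secrets
import sqlite3

# In-memory SQLite stands in for the post's MySQL table (assumption).
db = sqlite3.connect(":memory:")
db.execute(
    "CREATE TABLE member_cookies ("
    " token_hash TEXT PRIMARY KEY, username TEXT NOT NULL,"
    " ip TEXT NOT NULL, valid INTEGER NOT NULL DEFAULT 1)"
)


def _hash(token):
    # Store only a hash so a leaked table does not expose usable cookies.
    return hashlib.sha256(token.encode()).hexdigest()


def issue_cookie(username, ip):
    """Call after a successful login; returns the cookie value to set."""
    # Rule from the post, as read here: a further login from an IP that
    # already holds a cookie invalidates the cookie issued earlier.
    db.execute("UPDATE member_cookies SET valid = 0 WHERE ip = ?", (ip,))
    token = secrets.token_urlsafe(32)
    db.execute(
        "INSERT INTO member_cookies (token_hash, username, ip) VALUES (?, ?, ?)",
        (_hash(token), username, ip),
    )
    db.commit()
    return token


def cookie_allows_access(token, ip):
    """Gate for the main members page: cookie must exist, be valid, match IP."""
    row = db.execute(
        "SELECT valid FROM member_cookies WHERE token_hash = ? AND ip = ?",
        (_hash(token), ip),
    ).fetchone()
    return row is not None and row[0] == 1


if __name__ == "__main__":
    first = issue_cookie("alice", "203.0.113.7")   # constructed sample data
    print(cookie_allows_access(first, "203.0.113.7"))
    second = issue_cookie("bob", "203.0.113.7")    # second login, same IP
    print(cookie_allows_access(first, "203.0.113.7"),
          cookie_allows_access(second, "203.0.113.7"))
```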