CCBill-Giving Away Your Memberships!

Collapse
X
 
  • Time
  • Show
Clear All
new posts
  • dgraves
    Confirmed User
    • Nov 2005
    • 2283

    #1

    CCBill-Giving Away Your Memberships!

    that's right...check this shit out!

    last month one of my members was blocked by pennywize for password trading. this guy actually had the nerve to contact ccbill to complain about being blocked. normally, when i get a blocked account email from pennywize i cancel the membership right away but it was a busy day for me so i didn't get around to it. ccbill sent me an email saying a customer was compaining about being blocked so i replied that he was a password trader and not to re-add him.

    the customer sent another email complaint so ccbill refunded their membership. when i called ccbill, the rep told me that the other rep who refunded it did not read the message i sent and that it was a mistake on their part. oh ok, so it's a mistake at my expense! oh well, shit happens but it gets better...

    a few days ago another member got blocked for password trading so i was quick to get on this one. after doing a look-up, i discovered that the membership expired almost a year ago! the ccbill rep told me that sometimes the "kill" message in their script doesn't remove the login from the (htpasswd) file. i couldn't believe it! he assured me that it was very uncommon even though the only way i caught this one was he was sharing the wealth of his life-time membership with his buddies. you see, the "kill" message only gets sent once so if it misses the member he gets a FREE life-time membership!

    out of curiousity i downloaded the htpasswd file and compared it to my active members and as it turns out, 45 non-members still have full access to my member's area! some of them have had it as far back as 2006! so not only am i losing potential membership sales, i'm paying for their bandwidth!

    i'm still waiting for them to take action and tell me what they're going to do to fix this. if you're using ccbill as a processor you could be giving people free life-time memberships and it's worth looking into.
    Gloryhole Swallow | Cumpsters | Spy Tug | Cum Clinic | Chica's Place
  • The Heron
    Confirmed User
    • Apr 2001
    • 4496

    #2
    Not exactly a news flash. You can ask them to resync your htpasswd file which would prevent that problem if you did it on say a monthly basis.

    Comment

    • After Shock Media
      It's coming look busy
      • Mar 2001
      • 35299

      #3
      Bad news indeed. Though I would not straight out kill anyone pennywise blocks. First that software sort of sucks and is common to throw false positives and second is that some people do get their shit jacked and never shared anything.

      [email protected] ICQ:135982156 AIM: Aftershockmed1a MSN: [email protected]

      Comment

      • andrej_NDC
        Registered User
        • May 2004
        • 7760

        #4
        Man, those password protection scripts have so many bugs, that just because it tells you the member is a password trader, it doesn't have to be true. In most cases, it isn't. Even if you have a internet connection not with a stable IP and you login to the site each time from a different IP, it blocks you.

        And about the 45 non-paying members, I'm pretty sure most of the old members don't download anything anymore, but even if they would, bandwitch is so cheap nowadays...You concentrate too much on the "not so important" things.

        Comment

        • dgraves
          Confirmed User
          • Nov 2005
          • 2283

          #5
          well, this is new to me.

          as far as pennywize goes, you could be right. it's the software my host offers so that's why i use it. i'm going to look into using something else.

          when i remove someone it's because they are showing hits from numerous countries so it seems odd that the software would generate bogus info like that. kind of defeats the purpose don't you think?

          why should i do additional work on a monthly basis? i pay them 14% to do that! i'm sure no one at ccbill logs into my member's area on a regular basis to make sure it's up.

          i doubt very much that someone is going to hack a computer and then take the time to get their porn site logins to then go on a board where they share the logins for free. pretty generous thieves!

          many of the non-members are in the member's area all the time...i checked. after all why wouldn't they. i'm sure they don't mark on their calendar when their membership expires and they don't try after that date. you're missing the point about the bandwidth. it doesn't matter if it's 1 non-member or 45, there's a problem that needs to be fixed. those are 45 people who would never re-join!
          Gloryhole Swallow | Cumpsters | Spy Tug | Cum Clinic | Chica's Place

          Comment

          • After Shock Media
            It's coming look busy
            • Mar 2001
            • 35299

            #6
            Quick question, do you let users pick usernames and passwords or do you have ccbill assign long random digit ones?

            [email protected] ICQ:135982156 AIM: Aftershockmed1a MSN: [email protected]

            Comment

            • Joelercoaster
              Registered User
              • Mar 2008
              • 7

              #7
              Hey D,

              You and I have talked in the past at TFF, remember? I'm not sure exactly how others do it, but just an FYI, our password management is a little more "enterprise class" than what you described. If we post *any* change to the user/pass data, our system expects a positive response from the module. If it doesn't get that response, it assumes the post failed and it will post again until it succeeds. I would think the better systems have at least that level of data integrity protection built in.

              Also, as you know, using your bandwidth fraud package controls to stop sharing without making life too difficult for your customers is, of course, a balance. We work with our merchants on those strategies. Hit me up if you'd like to discuss.

              Joel Hoskins | Director, Key Accounts | DHD Media | ICQ: 416877257
              http://www.dhdmedia.com

              Comment

              • dgraves
                Confirmed User
                • Nov 2005
                • 2283

                #8
                Originally posted by After Shock Media
                Quick question, do you let users pick usernames and passwords or do you have ccbill assign long random digit ones?
                they can select their own login.
                Gloryhole Swallow | Cumpsters | Spy Tug | Cum Clinic | Chica's Place

                Comment

                • After Shock Media
                  It's coming look busy
                  • Mar 2001
                  • 35299

                  #9
                  Originally posted by dgraves
                  they can select their own login.
                  That alone is a severe security issue and will get your valid accounts hacked on a daily basis. Odds are you have been cancelling valid customers who had their usernames and passwords guessed or brute forced. Hell I would reason to say 9 out of 10 people you thought were sharing passwords, never did after knowing this.

                  [email protected] ICQ:135982156 AIM: Aftershockmed1a MSN: [email protected]

                  Comment

                  • dgraves
                    Confirmed User
                    • Nov 2005
                    • 2283

                    #10
                    Originally posted by Joelercoaster
                    Hey D,

                    You and I have talked in the past at TFF, remember? I'm not sure exactly how others do it, but just an FYI, our password management is a little more "enterprise class" than what you described. If we post *any* change to the user/pass data, our system expects a positive response from the module. If it doesn't get that response, it assumes the post failed and it will post again until it succeeds. I would think the better systems have at least that level of data integrity protection built in.

                    Also, as you know, using your bandwidth fraud package controls to stop sharing without making life too difficult for your customers is, of course, a balance. We work with our merchants on those strategies. Hit me up if you'd like to discuss.

                    hey joel, how's it going man! ya, this is not cool. i just spoke with my host and there was no maintenance being performed on the dates in question. i'm not sure where the problem exists yet but it's something ccbill needs to work on.
                    Gloryhole Swallow | Cumpsters | Spy Tug | Cum Clinic | Chica's Place

                    Comment

                    • aico
                      Moo Moo Cow
                      • Mar 2004
                      • 14748

                      #11
                      I tested CCBill a few times for customer service, asked for a refund on a site, and they told me it was not possible for them to give refunds, only the site could issue refunds. I told them I knew this was not true as I am a site owner myself, and they basically told me to go to hell.

                      Which is exactly why I use Epoch, and will never use CCBill.
                      Last edited by aico; 08-15-2008, 05:13 PM.

                      Comment

                      • AnniKN
                        Confirmed User
                        • Feb 2008
                        • 1682

                        #12
                        Originally posted by dgraves
                        i doubt very much that someone is going to hack a computer and then take the time to get their porn site logins to then go on a board where they share the logins for free. pretty generous thieves!
                        They don't hack the person's computer - they hack your site, they don't get a password at a time... they get dozens and they do it using automated tools. They DO share the passwords since it's what the password trading forums do. A person buying a membership and sharing it would be WAY more generous a thief than the ones who steal them

                        Comment

                        • dgraves
                          Confirmed User
                          • Nov 2005
                          • 2283

                          #13
                          Originally posted by After Shock Media
                          That alone is a severe security issue and will get your valid accounts hacked on a daily basis. Odds are you have been cancelling valid customers who had their usernames and passwords guessed or brute forced. Hell I would reason to say 9 out of 10 people you thought were sharing passwords, never did after knowing this.
                          i'm not sure if there's a way to change that...just the way they do it.
                          Gloryhole Swallow | Cumpsters | Spy Tug | Cum Clinic | Chica's Place

                          Comment

                          • After Shock Media
                            It's coming look busy
                            • Mar 2001
                            • 35299

                            #14
                            Originally posted by dgraves
                            i'm not sure if there's a way to change that...just the way they do it.
                            There is, I run a ccbill site or three myself.

                            [email protected] ICQ:135982156 AIM: Aftershockmed1a MSN: [email protected]

                            Comment

                            • dgraves
                              Confirmed User
                              • Nov 2005
                              • 2283

                              #15
                              Originally posted by AnniKN
                              They don't hack the person's computer - they hack your site, they don't get a password at a time... they get dozens and they do it using automated tools. They DO share the passwords since it's what the password trading forums do. A person buying a membership and sharing it would be WAY more generous a thief than the ones who steal them
                              if they get dozens at a time, why wouldn't there be more logins blocked? this only happens about once a month.
                              Gloryhole Swallow | Cumpsters | Spy Tug | Cum Clinic | Chica's Place

                              Comment

                              • Rochard
                                Jägermeister Test Pilot
                                • Dec 2001
                                • 75733

                                #16
                                Your first mistake is using pennywize.
                                Herschel Savage
                                Brooklyn, NY

                                Comment

                                • After Shock Media
                                  It's coming look busy
                                  • Mar 2001
                                  • 35299

                                  #17
                                  Originally posted by dgraves
                                  if they get dozens at a time, why wouldn't there be more logins blocked? this only happens about once a month.
                                  Trust us, that is how it works.

                                  [email protected] ICQ:135982156 AIM: Aftershockmed1a MSN: [email protected]

                                  Comment

                                  • dgraves
                                    Confirmed User
                                    • Nov 2005
                                    • 2283

                                    #18
                                    Originally posted by After Shock Media
                                    There is, I run a ccbill site or three myself.
                                    k, found that setting in the admin and changed it from "user defined" to "random". thanks for the tip, that should help quite a bit.
                                    Gloryhole Swallow | Cumpsters | Spy Tug | Cum Clinic | Chica's Place

                                    Comment

                                    • dgraves
                                      Confirmed User
                                      • Nov 2005
                                      • 2283

                                      #19
                                      Originally posted by After Shock Media
                                      Trust us, that is how it works.
                                      so what's the fix?
                                      Gloryhole Swallow | Cumpsters | Spy Tug | Cum Clinic | Chica's Place

                                      Comment

                                      • After Shock Media
                                        It's coming look busy
                                        • Mar 2001
                                        • 35299

                                        #20
                                        Originally posted by dgraves
                                        so what's the fix?
                                        Random passwords & user names.
                                        Better security program like strongbox or phantomfrog.
                                        Reset a persons password once if they get nailed for duplicate password usage and email them the new password along with how to sweep their PC. If it happens again with them cancel account.
                                        Synch your site with ccbill once every month or quarter.

                                        [email protected] ICQ:135982156 AIM: Aftershockmed1a MSN: [email protected]

                                        Comment

                                        • dgraves
                                          Confirmed User
                                          • Nov 2005
                                          • 2283

                                          #21
                                          Originally posted by aico
                                          I tested CCBill a few times for customer service, asked for a refund on a site, and they told me it was not possible for them to give refunds, only the site could issue refunds. I told them I knew this was not true as I am a site owner myself, and they basically told me to go to hell.

                                          Which is exactly why I use Epoch, and will never use CCBill.
                                          i was told the same thing then one day i saw a refund so i called. they said the member threatened to charge back so the refunded. i asked what the reason was and they didn't know.
                                          Gloryhole Swallow | Cumpsters | Spy Tug | Cum Clinic | Chica's Place

                                          Comment

                                          • dgraves
                                            Confirmed User
                                            • Nov 2005
                                            • 2283

                                            #22
                                            Originally posted by After Shock Media
                                            Random passwords & user names.
                                            Better security program like strongbox or phantomfrog.
                                            Reset a persons password once if they get nailed for duplicate password usage and email them the new password along with how to sweep their PC. If it happens again with them cancel account.
                                            Synch your site with ccbill once every month or quarter.
                                            ya, i'm going to switch to something else. i definately don't want to be cancelling members due to software errors.
                                            Gloryhole Swallow | Cumpsters | Spy Tug | Cum Clinic | Chica's Place

                                            Comment

                                            • BVF
                                              Black Vagina Finder
                                              • Jan 2002
                                              • 13975

                                              #23
                                              Originally posted by After Shock Media
                                              Bad news indeed. Though I would not straight out kill anyone pennywise blocks. First that software sort of sucks and is common to throw false positives and second is that some people do get their shit jacked and never shared anything.
                                              Yes, just because pennywize blocked them doesn't mean that they're password traders....I hope that you at least logged into the admin area to make sure that they weren't using AOL or something...

                                              Pennywize used to block all kinds of shit for no reason.

                                              Black Pussy
                                              Click On Mr Cosby..CCbill, 60/40, 136 FHG's....The Cos Loves Black Ghetto Pussy!!

                                              Comment

                                              • TMM_John
                                                Confirmed User
                                                • May 2004
                                                • 6664

                                                #24
                                                Duh! Just use NATS, it can be setup to catch these!


                                                Too Much Media - Makers of the Industry's Leading Payite Management Platform, NATS!

                                                Comment

                                                • dgraves
                                                  Confirmed User
                                                  • Nov 2005
                                                  • 2283

                                                  #25
                                                  Originally posted by BVF
                                                  Yes, just because pennywize blocked them doesn't mean that they're password traders....I hope that you at least logged into the admin area to make sure that they weren't using AOL or something...

                                                  Pennywize used to block all kinds of shit for no reason.
                                                  i check each one out individually before i cancel their membership.
                                                  Gloryhole Swallow | Cumpsters | Spy Tug | Cum Clinic | Chica's Place

                                                  Comment

                                                  • dgraves
                                                    Confirmed User
                                                    • Nov 2005
                                                    • 2283

                                                    #26
                                                    Originally posted by PBucksJohn
                                                    Duh! Just use NATS, it can be setup to catch these!
                                                    lol, nice plug!
                                                    Gloryhole Swallow | Cumpsters | Spy Tug | Cum Clinic | Chica's Place

                                                    Comment

                                                    Working...