Quote:
Originally Posted by Lord Voldemort
Several passwords were traded for my partner's site and he ended up with over $1000 in bandwidth overage fees. All the passwords were legitimate passwords in the htpassword file, created on very different dates from IPs in different countries, so we're wondering how the hell those fuckers got the passwords.
Anybody knows?
|
Hack attempts at your server is the most common I would say based on what I've seen. We implemented a lot of different ways to help prevent this on our backends including when a login is used from more that X number of IP's they get disabled. This will fix most of the overage problems, since when a password is shared on most of this shit sites you'll see a flood of logins with the same user from multiple IP's within a matter of minutes/hours.
Often times though you need to be aware that a legit member could be effected so you need to change their user/pass and get it to them ;)