GoFuckYourself.com - Adult Webmaster Forum - View Single Post - Is your site logon/password listed here? Password trading site!

William-Xfactor · 08-05-2004, 06:32 AM

What you see there is typical of any password dump/ forum
No point wasting your time trying to close it down they will have several mirrors and will be back up in no time.

You will notice 99 percent of those logins are user defined ?simple to brute-force?
And ?simple to decrypt?

Crackers know that people in general are lazy and use the same passwords for every site they join.

You cannot run a pay site that allows your customers to choose their own logins and not expect to have major password issues.

If your billing company allows random passwords to be assigned to your customers, do it!
And use a good length, I recommend 15 char. That will stop passwords from being brute-forced. Also by having a good length ?say 15 char? even if they exploit your server or a script to locate your password file they will be flat out trying to decrypt it.

All that needs doing then is to install a script like password sentry and that will alert you to any password trading.

08-05-2004, 06:32 AM
William-Xfactor Confirmed User Join Date: Mar 2004 Location: Melbourne Posts: 299	What you see there is typical of any password dump/ forum No point wasting your time trying to close it down they will have several mirrors and will be back up in no time. You will notice 99 percent of those logins are user defined ?simple to brute-force? And ?simple to decrypt? Crackers know that people in general are lazy and use the same passwords for every site they join. You cannot run a pay site that allows your customers to choose their own logins and not expect to have major password issues. If your billing company allows random passwords to be assigned to your customers, do it! And use a good length, I recommend 15 char. That will stop passwords from being brute-forced. Also by having a good length ?say 15 char? even if they exploit your server or a script to locate your password file they will be flat out trying to decrypt it. All that needs doing then is to install a script like password sentry and that will alert you to any password trading.