Quote:
Originally posted by gazool
Have you experienced "attacks" on your servers with 400+ password combinations... and the first or atleast one of the first attempts is going through?
I'm talking about someone sitting on alot of correct passwords, who is just hitting sites to see if they are valid still...
|
Are you saying that someone will brute your members area and out of 400 or so hits, at least one usually works? Is it always one of the first few?
Sounds to me like someone just has a really good combo list. Many people (especially trial abusers, I think) use the same username and password combination everywhere so if you compromise a couple of CCBill sites OR if you just collect valid username/password combinations from password boards and IRC, you can build a combo list that can get you into a lot of the major sites.
SpaceAce