HELP: Pennywize blocked over 45 members today!!!

Collapse
X
 
  • Time
  • Show
Clear All
new posts
  • mrgica
    Confirmed User
    • Jan 2004
    • 2169

    #1

    HELP: Pennywize blocked over 45 members today!!!

    Today I received over 45 emails from pennywize, about blocked accounts to my paysite...every account got blocked after 4-5 different subnets was used on the same account.

    My best guess right now is that someone stole my password file from my server...what can I do? Help...

    I don't know how to stop it....

    Screenshot: http://img376.imageshack.us/my.php?image=fuck7ei.jpg
    Fuck it dude, lets go bowling
  • JoeMeca
    So Fucking Banned
    • Nov 2005
    • 2266

    #2
    damn yes you need some help!

    Comment

    • OneHungLo
      So Fucking Banned
      • May 2001
      • 40902

      #3
      ahh man thats what a hate about pennywize...

      Did you just install it? How long have you been using pennywize? To fix that just bump the subnets up a bit.

      Comment

      • OneHungLo
        So Fucking Banned
        • May 2001
        • 40902

        #4
        also it's probably aol users... they can go thru 2 -10 subnets in a session.

        Comment

        • Libertine
          sex dwarf
          • May 2002
          • 17860

          #5
          Originally posted by OneHungLo
          ahh man thats what a hate about pennywize...

          Did you just install it? How long have you been using pennywize? To fix that just bump the subnets up a bit.
          It now becomes clear why exploitedteens.com was always a big favourite on password sites
          /(bb|[^b]{2})/

          Comment

          • mrgica
            Confirmed User
            • Jan 2004
            • 2169

            #6
            Originally posted by OneHungLo
            also it's probably aol users... they can go thru 2 -10 subnets in a session.
            its not aol users...I have been using pennywize for a couple of months now and it usually blocks 1-2 accounts per day...
            besides subnets are completely different and comes from different countries...
            Fuck it dude, lets go bowling

            Comment

            • Tanker
              Confirmed User
              • Nov 2000
              • 9287

              #7
              I set my threshhold to 10 subnets and just watch them very carefully

              Tanker
              ICQ 3427575


              CCBTools Now featured in the CCBill.com APP STORE

              Comment

              • Tanker
                Confirmed User
                • Nov 2000
                • 9287

                #8
                It's pretty easy to tell which ones get out

                Tanker
                ICQ 3427575


                CCBTools Now featured in the CCBill.com APP STORE

                Comment

                • mrgica
                  Confirmed User
                  • Jan 2004
                  • 2169

                  #9
                  I don't see any solution on this problem, I just have to wait a couple of days or weeks until its over.
                  And deal with my angry members....

                  But how can I protect the password file better? To avoid this in the future?
                  Fuck it dude, lets go bowling

                  Comment

                  • mrgica
                    Confirmed User
                    • Jan 2004
                    • 2169

                    #10
                    Originally posted by Tanker
                    It's pretty easy to tell which ones get out
                    all of those accounts logged in with different subnets and from different countries.
                    The problem here is that someone stole/hacked my password file on the server and past the whole list on some forum or something..
                    Fuck it dude, lets go bowling

                    Comment

                    • SmokeyTheBear
                      ►SouthOfHeaven
                      • Jun 2004
                      • 28609

                      #11
                      Originally posted by mrgica
                      But how can I protect the password file better? To avoid this in the future?
                      Find out who took it and poke large holes in him with an icepick until he promises never to use a computer again
                      hatisblack at yahoo.com

                      Comment

                      • mrgica
                        Confirmed User
                        • Jan 2004
                        • 2169

                        #12
                        Originally posted by SmokeyTheBear
                        Find out who took it and poke large holes in him with an icepick until he promises never to use a computer again
                        Fuck it dude, lets go bowling

                        Comment

                        • Libertine
                          sex dwarf
                          • May 2002
                          • 17860

                          #13
                          Originally posted by mrgica
                          I don't see any solution on this problem, I just have to wait a couple of days or weeks until its over.
                          And deal with my angry members....

                          But how can I protect the password file better? To avoid this in the future?
                          Here's a step by step list of what to do:

                          1. Make sure your server hasn't been hacked. If it has been, fix the problem.
                          2. Make sure your password file isn't accessible. Check for (known?) security issues with any scripts you are using, and implement any common sense security measures you haven't implemented yet (e.g. placing your password file in a directory that isn't web-accessible, etc.)
                          3. Start checking signups and existing username/password combos against common wordlists. Respectively, change them and stop allowing them.
                          4. If the problem doesn't stop... (this will hurt) get all your members to change their passwords.
                          5. Try and make unhappy hacked members happy again by giving them a free week of access or whatever.
                          /(bb|[^b]{2})/

                          Comment

                          • mrgica
                            Confirmed User
                            • Jan 2004
                            • 2169

                            #14
                            Originally posted by punkworld
                            Here's a step by step list of what to do:

                            1. Make sure your server hasn't been hacked. If it has been, fix the problem.
                            2. Make sure your password file isn't accessible. Check for (known?) security issues with any scripts you are using, and implement any common sense security measures you haven't implemented yet (e.g. placing your password file in a directory that isn't web-accessible, etc.)
                            3. Start checking signups and existing username/password combos against common wordlists. Respectively, change them and stop allowing them.
                            4. If the problem doesn't stop... (this will hurt) get all your members to change their passwords.
                            5. Try and make unhappy hacked members happy again by giving them a free week of access or whatever.
                            Thanks man, much appreciated.
                            Fuck it dude, lets go bowling

                            Comment

                            • onlytease
                              Confirmed User
                              • Sep 2003
                              • 1553

                              #15
                              also a good idea to stop letting members chose their own login and password (if you do) and let CCBill generate a random one - presuming you are using ccbill
                              Paul L - OnlyTease / Only-Opaques / Only-Secretaries / OnlySilkandSatin / Art-Lingerie / Layered-Nylons
                              Sponsor program at www.otcash.com

                              Comment

                              • Dalai lama
                                Strength and Honor
                                • Jul 2004
                                • 16540

                                #16
                                get strongboxxx

                                A program you can trust.
                                Gallerybooster Run multiply TGPs of 1 script

                                Comment

                                • John69
                                  Confirmed User
                                  • Sep 2005
                                  • 942

                                  #17
                                  get strong box
                                  DARKSOUL: thanks but no thanks, your over priced.

                                  Comment

                                  • HairToStay
                                    Confirmed User
                                    • Oct 2002
                                    • 1521

                                    #18
                                    If the password file was stolen -- what processor do you use? Shared or dedicated server? Up-to-date php software? phpBB running on the box?

                                    Check server logs to see specifically what files were accessed, and how.
                                    Make bank by giving your surfers free pics every day and it costs you NOTHING! Use POTD Sponsors to find adult sponsors in more than 75 niches who offer a POTD feature!

                                    Comment

                                    Working...