Who else think this is a security risk.....

**JoeMeca** · 12-07-2005, 04:49 PM

Yup i agree or a number like 487475 byt nope ahha

**SmokeyTheBear** · 12-07-2005, 04:51 PM

Originally posted by ebus_dk

Many affiliate program's have their link-codes like this:
http://domain.com/reftracler=ID
and ID = username in 50-60% of the cases...

I really don't feel good about people knowing my user-name..
They can take a brute force script + word-list.. and its just a matter of time before they have access to my account = my money

I like NATS because they encrypt the link - thanks guys... I wish more Programs would do the same

if someone is going to go thru the trouble of trying to brute force your affiliate account , they would just decrypt your username before they tried to crack it.. all the nats codes do for me is make it harder to add link codes.

**Tempest** · 12-07-2005, 04:53 PM

Perhaps you should generate a random 10+ digit password... Maybe even do the same for the username...

**Machete_** · 12-07-2005, 04:55 PM

Originally posted by SmokeyTheBear

if someone is going to go thru the trouble of trying to brute force your affiliate account , they would just decrypt your username before they tried to crack it.. all the nats codes do for me is make it harder to add link codes.

sure, but it could still make it a smaller risk

**Tempest** · 12-07-2005, 04:56 PM

Originally posted by SmokeyTheBear

all the nats codes do for me is make it harder to add link codes.

Yep.. pisses me off since I use scripts for all my links and sites so things like campaign codes and stuff can be done by the script... After ARS shutting down all their sites and then hawgcash, I don't hard code any freakin links anymore unless it's a gallery I have to submit...

**iwantchixx** · 12-07-2005, 04:57 PM

I agree with smokey on this one, it's much easier to play with codes.

**SmokeyTheBear** · 12-07-2005, 04:58 PM

Originally posted by ebus_dk

sure, but it could still make it a smaller risk

frankly i highly doubt it . if someone is determined to hack an affiliate account solely on a username they found , they would also be smart enough to decrypt the nats username that is very simply decoded.

**Machete_** · 12-07-2005, 04:58 PM

Originally posted by Tempest

Perhaps you should generate a random 10+ digit password... Maybe even do the same for the username...

I keep 8 char strong passwords thats different from each site, but the username they can se in the code - that is the problem..

Just like I know Smokey uses "gfy" or "gfygfy" on many of his sites.. its fucked

**Machete_** · 12-07-2005, 05:00 PM

Guess its just me then

**Hardlinks** · 12-07-2005, 05:03 PM

Originally posted by ebus_dk

Guess its just me then

Seeing my ref code gives me wood.

**Tempest** · 12-07-2005, 05:11 PM

Originally posted by Hardlinks

Seeing my ref code gives me wood.

Especially when it's showing up in the google serps.

JD · 12-07-2005, 05:29 PM

Originally posted by Tempest

Especially when it's showing up in the google serps.

werd

Who else think this is a security risk.....

Who else think this is a security risk.....

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment