12-13-2005, 01:26 PM
Deek
Registered User
 
Join Date: Nov 2005
Posts: 31
password cracking....

OK, first, MD5 is busted, mainly because of the invention of rainbow tables. Basically what people have done is compute the MD5 hashes and then simply compare the hash to those stored in their database.

Second, sure, if you're inside the network you have direct access to the hashes, but most won't and will be attempting to break into the site via a web form. That's what the image verification is trying to prevent, not attacks against the hash itself.

On the proxy comment: the proper use of the published lists via ARIN can reduce the number of attacks from proxies considerably. Why? Most of these attacks happen from outside of the United States. And this is also related to vuln scanning/port scanning. Block this at your edge device (router/firewall etc., NOT YOUR SERVER!).

I'm new to porn, so this statement may be wrong... It doesn't seem like many people care much for traffic outside of North America/Europe, i.e. China/Asia/Russia; this is where a great deal (not a lot of them) of proxies exist. So blocking the not-so-well-liked countries serves two purposes: both security and more legit traffic. Again, I'm new, so I'm unsure how well this paragraph will fly.

Also, most attacks by "script kids" are not even geared towards adult. They're geared towards a pool of addresses. One of the botnets I busted in Feb 05 had bots which were assigned separate areas of the net to search for open Windows file shares.

I'm going to post a poll after this... asking about how many actually check their logs...

Image verification is a major hassle. Don't get me wrong, it upsets me. However, image verification is typically implemented on community websites to prevent spammers. This is what I like. The use of an image verification on a pay site prior to payment does not make sense to me, because it's unlikely (to me, being new to the porn industry) that someone is going to take a credit card and apply to a whole series of pay sites. If a person has the loot, they're likely going for electronics, which are easier to sell, say, on eBay.

As a gentleman stated before, there's no foolproof security mechanism; you can, however, be aware of the risks around you and implement as many speed bumps as you can.

In security you must balance the "CIA": confidentiality, integrity, and availability.

-Deek
3420164

Last edited by Deek; 12-13-2005 at 01:28 PM..
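
Added example, not part of Deek's post: a password audit showing why the precomputed-hash comparison described above works against unsalted MD5, using a plain dictionary rather than a true rainbow-table chain structure. The user records and password list are constructed, and the per-user salt with PBKDF2 is an assumed countermeasure that the post itself does not mention.

```python
import hashlib
import hmac
import os

# Constructed sample data: a tiny "common passwords" list and user records.
COMMON_PASSWORDS = ["123456", "password", "letmein", "qwerty", "dragon"]
USERS = {"alice": "letmein", "bob": "T4k3-th3-l0ng-r0ad!", "carol": "letmein"}

def md5_hex(password: str) -> str:
    """Unsalted MD5, the storage scheme the post calls busted."""
    return hashlib.md5(password.encode()).hexdigest()

def build_lookup(candidates):
    """Precompute hash -> password once; the table is reusable on any unsalted dump."""
    return {md5_hex(p): p for p in candidates}

def audit_unsalted(stored, lookup):
    """Return {user: password} for every stored hash found in the precomputed table."""
    return {user: lookup[h] for user, h in stored.items() if h in lookup}

def hash_salted(password: str, salt: bytes = None, rounds: int = 100_000):
    """Assumed mitigation: random per-user salt plus PBKDF2-HMAC-SHA256."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, rounds)
    return salt, rounds, digest

def verify_salted(password: str, record) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    salt, rounds, digest = record
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, rounds)
    return hmac.compare_digest(candidate, digest)

if __name__ == "__main__":
    table = build_lookup(COMMON_PASSWORDS)
    unsalted = {u: md5_hex(p) for u, p in USERS.items()}
    salted = {u: hash_salted(p) for u, p in USERS.items()}

    # Unsalted: one table lookup exposes every account using a listed password,
    # and identical passwords are visible as identical hashes.
    print("accounts to force-reset:", sorted(audit_unsalted(unsalted, table)))
    print("alice/carol share a hash:", unsalted["alice"] == unsalted["carol"])

    # Salted: the same password yields unrelated digests per user, so a table
    # would have to be rebuilt for each salt; normal login checks still work.
    print("salted digests differ:", salted["alice"][2] != salted["carol"][2])
    print("login still verifies:", verify_salted("letmein", salted["alice"]))
```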