02-04-2006, 01:24 PM
V_RocKs
Already hit on above... I used to crack passwords for fun when I was younger. Your website is a PRIME CLASS A website for cracking passwords.

#1, use the random password option. It is in the CCBILL admin or ask corvette to help you.
#2, use a form login like strongbox. Crackers hate form logins.

In your current situation I can steal the password file of a website similar in scope to your own. A solo-model amateur site. Most likely you both have, say, 800 to 4000 users at any given point in time. Of the 800 (low ball figure) you and the other site have had 25% of your customers sign up at both sites at some point in time.

Since this has occurred, many of the same combos I stole from them now work on you... You have no form login so checking which ones they are happens at 100,000 tries per hour. If you had a form it would be closer to 8,000 if it had a security code and 25,000 without one. This is because of all of the extra data and computing time a form sends. Your current basic authentication popup screen is a header-only request so it is very small and takes no time at all.

So again... random passwords so you do not share the same combos with other sites (just the same users)... And back it up with a form login with a security code... You will be like a car with an alarm and steering wheel lock... why steal your car when so many others are easier?
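Added example, not part of the original post: a site owner can spot the high-rate reuse of combos described above by counting 401 responses per client in the web server's access log. The sketch assumes Apache common/combined log format with the attempted Basic auth username recorded in the user field; the thresholds, function names and log lines are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed format: host ident user [time] "request" status size
LINE = re.compile(r'^(\S+) \S+ (\S+) \[([^\]]+)\] "[^"]*" (\d{3}) ')

def sample_log():
    """Constructed sample: one noisy client and one member who mistypes twice."""
    noisy = ['203.0.113.7 - user%02d [04/Feb/2006:13:00:%02d +0000] '
             '"GET /members/ HTTP/1.0" 401 401' % (i, i) for i in range(30)]
    member = ['198.51.100.4 - alice [04/Feb/2006:13:01:0%d +0000] '
              '"GET /members/ HTTP/1.0" %d 512' % (i, status)
              for i, status in enumerate((401, 401, 200))]
    return noisy + member

def flag_stuffing(lines, window=timedelta(minutes=5), max_fail=20, max_users=10):
    """Return {ip: (failures, distinct_users)} for clients whose 401s inside
    one sliding window reach both thresholds (threshold values are assumptions)."""
    events = defaultdict(list)  # ip -> [(timestamp, attempted username)]
    for line in lines:
        m = LINE.match(line)
        if not m or m.group(4) != "401":
            continue  # only failed authentications are of interest
        when = datetime.strptime(m.group(3), "%d/%b/%Y:%H:%M:%S %z")
        events[m.group(1)].append((when, m.group(2)))
    flagged = {}
    for ip, evs in events.items():
        evs.sort()
        start = 0
        for end in range(len(evs)):
            # Shrink the window from the left until it spans <= `window`.
            while evs[end][0] - evs[start][0] > window:
                start += 1
            fails = end - start + 1
            users = {u for _, u in evs[start:end + 1] if u != "-"}
            # Many failures across many names is reuse of stolen combos,
            # not one member fumbling their own password.
            if fails >= max_fail and len(users) >= max_users:
                flagged[ip] = max(flagged.get(ip, (0, 0)), (fails, len(users)))
    return flagged

if __name__ == "__main__":
    print(flag_stuffing(sample_log()))
```

Requiring many distinct usernames as well as many failures keeps a single member's repeated typos from being flagged.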