Password Software

Collapse
X
 
  • Time
  • Show
Clear All
new posts
  • Sleepy
    Confirmed User
    • Nov 2001
    • 679

    #1

    Password Software

    Anyone want to recommend some password software ?
    We use Iprotect and a few other little tricks but we are hit so many fucking times per day its like pissing in the wind. We block each password hacking attempt after 5 guesses but these hackers use proxy servers. So, if they have 5 guesses per proxy and a list of 10,000 proxies they still get 50,000 shots at cracking a password.

    We own a copy of the source to Iprotect and Im considering having our programmer rewrite it so its more efficient. I figure if someone already wrote a program that can do the job I might as well buy it. Our prgrammer writes in C, php, java and can do anything but password protection is a learning curve for him. Of course its never good to experiment when it comes to passwords and memberships so Im saving that as plan "B".

    Thanks !
  • pr0
    rockin tha trailerpark
    • May 2001
    • 23088

    #2
    you wont be able to stop em....dont bother.


    the only real solution is a script like pennywise


    but thats pissing in the wind as well......


    I suggest making the users choose 8+ character passes.


    Also...if you would like to inquire in some professional protection, let me know....i got some hookups
    __________
    Loadedca$h - get sum! - Revengebucks - mmm rebills! - webair (gotz sErVrz)

    Comment

    • heymatty
      Confirmed User
      • Oct 2001
      • 2188

      #3
      save yourself the hassle and buy pennywize, at pennywize.com.

      Its only $30 a month (for the least number of logins per day) and it works fine.

      Cashlantis ~ Black Book Cash

      Comment

      • Sleepy
        Confirmed User
        • Nov 2001
        • 679

        #4
        Pennywize pipes your logs off to another server, then analyzes them, then writes back your server to tell it to block a hacker. By the time that happens theres a good chance your server isnt responding anymore. I also had my programmer look at their software and ( at the time ) he told me when it switches to 'root' theres a large securtiy hazard. I also dont like the fact that the owner of Pennywize has obvious ties with his own adult programs and has acess to my logs. I havent looked at pennywize in a long time but I dont think its basic operation has changed. It worked great for me 5 years ago with 200 members but it didnt work so good with 15,000 members and a half million hack attempts per day. For a small site I recommend Pennywize but it couldnt take the stress on my sites. Any program where my server has to send info to another server just aint working for me.

        Comment

        • Sleepy
          Confirmed User
          • Nov 2001
          • 679

          #5
          Originally posted by pr0
          you wont be able to stop em....dont bother.
          the only real solution is a script like pennywise
          but thats pissing in the wind as well......
          I suggest making the users choose 8+ character passes.
          Also...if you would like to inquire in some professional protection, let me know....i got some hookups
          I was thinking of hiring Aussie Rebel to personally go to each hackers house and beat the shit out of them :D

          Comment

          • $tandaman
            Pimping 8EZ
            • Jun 2001
            • 3530

            #6
            We just released version 2.0 of passtrojan, you can check it out.
            The beauty of it, it let's people who got the hotlinked password in, even though password is blocked, and you show them completely different page without actually having the nasty window to re-try the password popup for 3 times, and then getting the 403 page.

            This way you get all the traffic in for free, and you can send it out anywhere you want.

            check it out: http://www.passtrojan.com
            CentroProfits.com - Make money with 3000+ Models!
            ModelCentro.com - Multiple award winning hosted CMS designed to run solo model sites, with affiliate program built in. Launch your model site in 24 hrs or less!
            FanCentro.com - Premium social network for SWs & Fans!

            Comment

            • GotGauge
              Confirmed User
              • Nov 2001
              • 3072

              #7
              What OS are you on?
              If you run NT Win2K
              I like DAF.
              Wont stop people from cracking them, but
              it only lets 1 user per username/password


              ICQ 22264474
              [email protected]

              Comment

              • spacedog
                Yes that IS me. Bitch.
                • Nov 2001
                • 14149

                #8
                Try PassHack Killer

                Comment

                • pr0
                  rockin tha trailerpark
                  • May 2001
                  • 23088

                  #9
                  Originally posted by $tandaman
                  We just released version 2.0 of passtrojan, you can check it out.
                  The beauty of it, it let's people who got the hotlinked password in, even though password is blocked, and you show them completely different page without actually having the nasty window to re-try the password popup for 3 times, and then getting the 403 page.

                  This way you get all the traffic in for free, and you can send it out anywhere you want.

                  check it out: http://www.passtrojan.com
                  This is what crackers call "spitting fakes" & that protection works decent. (For most newbie kids)

                  If you wanna learn more about how they get in, & how to keep em out, i suggest you do battle with them in the trench's so to speak.

                  Only way to learn how to stop them is to see it first hand.

                  Heres a hint "Dalnet" "IRC" "#hackedxxxpasswords"

                  By the way....heres some names you may want to look at on the search engines

                  "Golden Eye"
                  "Brutus"
                  "Aries"

                  You find out how the fuckers are crackin at ya.....you'll find out how to stop em.

                  I also like the Aussie Rebel Beat down idea
                  __________
                  Loadedca$h - get sum! - Revengebucks - mmm rebills! - webair (gotz sErVrz)

                  Comment

                  • Sleepy
                    Confirmed User
                    • Nov 2001
                    • 679

                    #10
                    Originally posted by $tandaman
                    We just released version 2.0 of passtrojan, you can check it out.
                    The beauty of it, it let's people who got the hotlinked password in, even though password is blocked, and you show them completely different page without actually having the nasty window to re-try the password popup for 3 times, and then getting the 403 page.

                    This way you get all the traffic in for free, and you can send it out anywhere you want.

                    check it out: http://www.passtrojan.com
                    How do you get around the problem with the proxy servers ? I already have 403 redirection and my current program is written in C so it barely uses any resources. Stopping the shared passwords is easy, the problem is stopping them from being stolen from legit members.

                    Comment

                    • pr0
                      rockin tha trailerpark
                      • May 2001
                      • 23088

                      #11
                      Heres one of your little friends.....

                      __________
                      Loadedca$h - get sum! - Revengebucks - mmm rebills! - webair (gotz sErVrz)

                      Comment

                      • Sleepy
                        Confirmed User
                        • Nov 2001
                        • 679

                        #12
                        Originally posted by pr0


                        Heres a hint "Dalnet" "IRC" "#hackedxxxpasswords"
                        By the way....heres some names you may want to look at on the search engines
                        "Golden Eye"
                        "Brutus"
                        "Aries"
                        You find out how the fuckers are crackin at ya.....you'll find out how to stop em.
                        I also like the Aussie Rebel Beat down idea
                        Deny.de is another good place..
                        I know what they are doing and how, but I dont know how to stop them. Its the friggin proxy servers that are the problem. Sometimes they even use AOL proxy servers and you sure cant block those..

                        Comment

                        • pr0
                          rockin tha trailerpark
                          • May 2001
                          • 23088

                          #13
                          no....the aol & large isp ones, you really cannot stop.


                          however the foregin open port 8080,80 etc. you can stop ..but you would have to ping every visitor that came to your site.

                          So basically your fucked unless your friends with the crackers ; )


                          I suggest you hire AUssie Rebel to take out the trash =)
                          __________
                          Loadedca$h - get sum! - Revengebucks - mmm rebills! - webair (gotz sErVrz)

                          Comment

                          • pr0
                            rockin tha trailerpark
                            • May 2001
                            • 23088

                            #14
                            FYI - deny.de is no longer
                            __________
                            Loadedca$h - get sum! - Revengebucks - mmm rebills! - webair (gotz sErVrz)

                            Comment

                            • ^R3K^
                              Confirmed User
                              • Sep 2001
                              • 2815

                              #15
                              i had a long paragraph here, but i gave up on it because no matter what i say people are going to do the opposite
                              no business like ho business

                              Http://www.natnet.com
                              No Hype, Just Results

                              Comment

                              • ^R3K^
                                Confirmed User
                                • Sep 2001
                                • 2815

                                #16
                                Originally posted by pr0
                                So basically your fucked unless your friends with the crackers ; )
                                you making my ass pucker with this shit
                                no business like ho business

                                Http://www.natnet.com
                                No Hype, Just Results

                                Comment

                                • Sleepy
                                  Confirmed User
                                  • Nov 2001
                                  • 679

                                  #17
                                  Originally posted by ^R3K^
                                  i had a long paragraph here, but i gave up on it because no matter what i say people are going to do the opposite
                                  Id like to hear what you have to say. Im listening.

                                  Comment

                                  • Sleepy
                                    Confirmed User
                                    • Nov 2001
                                    • 679

                                    #18
                                    Originally posted by pr0
                                    FYI - deny.de is no longer
                                    Im in the site - they lowbrow the hacking stuff but its all there.

                                    Comment

                                    • pr0
                                      rockin tha trailerpark
                                      • May 2001
                                      • 23088

                                      #19
                                      Ahhhhh ok the other day it was going to security.de or sum shit.

                                      Guess they got it back up ; )
                                      __________
                                      Loadedca$h - get sum! - Revengebucks - mmm rebills! - webair (gotz sErVrz)

                                      Comment

                                      • kmanrox
                                        aka K-Man
                                        • Oct 2001
                                        • 29295

                                        #20
                                        LoL i invented this technology for porn sites in 1995 thru CyberErotica...
                                        Crypto HODLr
                                        Crypto mining
                                        Angel investor

                                        Comment

                                        • erotictrance
                                          Confirmed User
                                          • Oct 2001
                                          • 328

                                          #21
                                          BTW Sleepy ... terrific thread ... thank you very much ...

                                          Very informative ...
                                          erotictrance

                                          Comment

                                          • Keev
                                            Confirmed User
                                            • May 2001
                                            • 5335

                                            #22
                                            Talk to Oliver Klozov he has some good shit on the way
                                            ReliableServers.com - NO REF LINK!

                                            Comment

                                            • Sleepy
                                              Confirmed User
                                              • Nov 2001
                                              • 679

                                              #23
                                              Originally posted by erotictrance
                                              BTW Sleepy ... terrific thread ... thank you very much ...

                                              Very informative ...
                                              Thanks I guess :D I dont feel informative but .. I guess it is really :D

                                              Comment

                                              • erotictrance
                                                Confirmed User
                                                • Oct 2001
                                                • 328

                                                #24
                                                Well Sleepy, I don't really know this tech stuff very well ... so excuse my ignorance ...

                                                But I am trying to learn ... so I am grateful for this thread ...

                                                And what I continually hear is that any off the shelf password protect program does tend to get hacked eventually ... obviously because a lot of webmasters use it ... and the hackers get a lot of mileage out of it ...

                                                The only real solution that I can see is to develop your own proprietary stuff ...

                                                But that's bad news for someone like me who doesn't have the means or expertise to do so ...
                                                Last edited by erotictrance; 01-30-2002, 11:28 AM.
                                                erotictrance

                                                Comment

                                                • Sleepy
                                                  Confirmed User
                                                  • Nov 2001
                                                  • 679

                                                  #25
                                                  Originally posted by erotictrance
                                                  Well Sleepy, I don't really know this tech stuff very well ... so excuse my ignorance ...
                                                  Im not teasing you. Im looking for info. Im not 'too informative' today wasnt meant to insult you or anything. Once a year I have to catch up on the latest hacks and today is that day.

                                                  Comment

                                                  • erotictrance
                                                    Confirmed User
                                                    • Oct 2001
                                                    • 328

                                                    #26
                                                    Oh ... I wasn't feeling insulted at all Sleepy ...

                                                    I am, in fact, ignorant on a lot of this stuff ... LOL. I was just stating the truth about myself ... not responding to you in that regard ...

                                                    If you do come up with some solution to all of this though ... I'm all ears ...
                                                    erotictrance

                                                    Comment

                                                    • erotictrance
                                                      Confirmed User
                                                      • Oct 2001
                                                      • 328

                                                      #27
                                                      Originally posted by ^R3K^
                                                      i had a long paragraph here, but i gave up on it because no matter what i say people are going to do the opposite
                                                      I'm listening too ... BTW
                                                      erotictrance

                                                      Comment

                                                      • IntheBlue
                                                        Registered User
                                                        • Aug 2001
                                                        • 70

                                                        #28
                                                        Sleepy,

                                                        If you want to block 95% of the button pushers, make your login a form based login like globill. You will notice a dramatic decrease.


                                                        Note: let's see if my signature is wack.

                                                        Comment

                                                        • leverage7
                                                          Registered User
                                                          • Jun 2002
                                                          • 9

                                                          #29
                                                          Ovelo Sentry, www.ovelo.com, doesn't require root like Pennywize so there isn't a security breach!

                                                          Comment

                                                          Working...