Most 'hackers' use stolen creditcards # and sign up via an AOL account using an address of the CC's country of origin. If they had enough of it, they post the username/pw on a password site.
People then think their site is hacked while it's not.
If you use Apache 1.23.26 (or higher) and your Linix box doesn't contain all kind of shit that have open ports (webmin etc.) and the box is normally closed with IPChains, you're pretty much done.
Pennywize should then take care of brute force password tries and multiple users logging in from different IP's with the same username and password.
Thanks. We dont have any bandwidth spurts or even problems really regarding password trading, since penny does take care of that, but I have a few members bitch and moan about how they are not trading their passes and blah blah blah.. and that the htaccess has been hacked and that their pass was just stolen...
We dont keep that info on our sites or servers, so IF these members are telling the truth, which I highly doubt, then hackers are able to find a pass here and there, that works, before penny blocks from brute force and it just happens to be one of those complaining ho's passes.
I guess I just to confirm if htaccess is replaceable with a better means of protection against this or what should I tell these guys, IF they are honest?
Should I just change their userpass once and slap em on the wrist and if it happens again, they're fucked? That is what I do now. Only if they write, which is rare. Maybe 1 a month or max 2.
Originally posted by MarcoTC Most 'hackers' use stolen creditcards # and sign up via an AOL account using an address of the CC's country of origin. If they had enough of it, they post the username/pw on a password site.
People then think their site is hacked while it's not.
If you use Apache 1.23.26 (or higher) and your Linix box doesn't contain all kind of shit that have open ports (webmin etc.) and the box is normally closed with IPChains, you're pretty much done.
Pennywize should then take care of brute force password tries and multiple users logging in from different IP's with the same username and password.
your wrong dick wad
If they used a stolen CC then there not a hacker
Comment