How does hacker access ccbill password list

  • vividere
    Registered User
    • Sep 2005
    • 7

    #1

    How does hacker access ccbill password list

    Yesterday one of my domains had a hacked name/password on it that didn't come through ccbill. They were not able to help me with how it was done. They mention directlink but I don't have that so that wasn't the method. I don't think my domain or server password was used. Other than those two methods, how else could this have been done?

    The culprit was bestpasswords/passdb.

    Thanks for any help on this!
  • Ladis
    Confirmed User
    • Jun 2002
    • 430

    #2
    Try pennywize.com to protect your sites.
    AS CUBE - powerful backend for CCBill powered affiliate programs.
    Yetis Cash - high converting sites, 10% referral, 2500+ unique hosted gals, rss feeds, flv

    Comment

    • SensationalCash
      Confirmed User
      • Sep 2003
      • 539

      #3
      I use botbuster http://www.botbuster.com
      a good custom program
      Tell them clint from pimpcash.com referred you

      Comment

      • faxxaff
        Confirmed User
        • Dec 2002
        • 2134

        #4
        I use this software. It blocks a lot of illegal shit:

        http://webcomposing.com/webcomposing...i-programs.htm
        Asian Babes

        Comment

        • alexbell
          Confirmed User
          • Sep 2005
          • 2248

          #5
          great links

          Comment

          • vividere
            Registered User
            • Sep 2005
            • 7

            #6
            Hello,

            Maybe I am more naive than I thought or I didn't ask the question very clearly.

            My problem isn't brute force attacks. The problem isn't a person getting a signon/password on my site. This person got into my site and manually modified the password file used by ccBill.

            I want to know how a person did that? I have a sophisticated password for the site that I doubt they could have known. I don't think they FTP'd in, grabbed the file, modified it, and uploaded it. I think they must have gotten in some other way? Found some other method to modify the password file without having FTP access?

            This is the mystery. I know when a client with a signon like brooklyn/bridge gets hacked. That makes sense and can readily be found with a dictionary lookup.

            That doesn't explain how they accessed my domain and ADDED a name to the password list?

            Comment

            • vividere
              Registered User
              • Sep 2005
              • 7

              #7
              BTW, I tried Pennywize but their support is the worst I have ever encountered and the last time I checked their program doesn't work with my control panel, Ensim Pro 3.5.

              It was suggested I try some other programs that are similar to Pennywize but haven't tried them yet. None of the suggestions deal with the original question however.

              Thanks!

              Comment

              • vividere
                Registered User
                • Sep 2005
                • 7

                #8
                I also looked at Robot Control that was suggested. It says they aren't taking new orders "until after 5/1/05" and the incredible amount of typos and bad grammar are a turn-off to me. Maybe the author would trade a copy of their program in exchange for running their page through a spell/grammar checker.

                Comment

                • Radik
                  Confirmed User
                  • Sep 2003
                  • 808

                  #9
                  Hey, that can be a bad thing; and I've also had the problem before. I, like yourself, never got anything back from ccbill; in the end, once I did the audit on the customer's server, I just restricted access to the ccbill-local to only ccbill IP blocks. I've seen a few versions of the ccbill local; I would upgrade, or check if it's at least the one they are currently deploying.

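                  # Only the listed address blocks may request ccbill-local.cgi; everyone else is denied
                  <Files ~ "^ccbill-local\.cgi">
                  # Evaluate deny first, then let the allow lines override it
                  Order deny,allow
                  deny from all
                  allow from 64.38.194
                  allow from 64.38.240
                  allow from 64.38.241
                  </Files>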

                  Good luck.

                  100% Exclusive, Check Us Out!

                  Comment
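A companion check for the audit described in post #9, as an added example that is not part of the original thread or CCBill's own tooling: it scans Apache access-log lines for requests to `ccbill-local.cgi` from addresses outside the three prefixes in that post's rule. The log format (common/combined), the script path, and the sample lines are assumptions constructed for illustration.

```python
import ipaddress
import re

# Prefixes from the Apache rule in post #9. "allow from 64.38.194" is a
# partial address, which Apache treats as the whole /24.
ALLOWED_NETS = [ipaddress.ip_network(n) for n in
                ("64.38.194.0/24", "64.38.240.0/24", "64.38.241.0/24")]

# Common/combined log format: client, identd, user, [time], "request", status
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3})')

SCRIPT_NAME = "ccbill-local.cgi"


def unexpected_callers(lines):
    """Return (time, ip, method, status) for script hits from outside ALLOWED_NETS."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not in the expected log format
        # Compare the file name only, ignoring directory and query string.
        name = m["path"].split("?", 1)[0].rsplit("/", 1)[-1]
        if name != SCRIPT_NAME:
            continue
        try:
            ip = ipaddress.ip_address(m["ip"])
        except ValueError:
            continue  # hostname logged instead of an address
        if not any(ip in net for net in ALLOWED_NETS):
            hits.append((m["time"], str(ip), m["method"], int(m["status"])))
    return hits


# Constructed sample lines; 203.0.113.x and 198.51.100.x are documentation ranges,
# and the /cgi-bin/ccbill/ path is a hypothetical install location.
SAMPLE_LOG = [
    '64.38.194.10 - - [12/Sep/2005:10:01:02 -0700] "POST /cgi-bin/ccbill/ccbill-local.cgi HTTP/1.0" 200 12',
    '203.0.113.7 - - [12/Sep/2005:23:14:55 -0700] "GET /cgi-bin/ccbill/ccbill-local.cgi?x=1 HTTP/1.1" 200 40',
    '198.51.100.4 - - [12/Sep/2005:23:15:01 -0700] "GET /members/index.html HTTP/1.1" 401 401',
    '203.0.113.7 - - [13/Sep/2005:00:02:11 -0700] "POST /cgi-bin/ccbill/ccbill-local.cgi HTTP/1.1" 403 210',
]

if __name__ == "__main__":
    for hit in unexpected_callers(SAMPLE_LOG):
        print(*hit)
```

A 200 status on a flagged line means the request was served before the restriction was in place; a 403 shows the `<Files>` rule rejecting it.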
