Hack protection-->pennywize addon would be nice, is this already in the market? - GoFuckYourself.com

justsexxx · 01-23-2003, 03:27 AM

Hi,

Question, I'm thinking of using pennywize for protections against password trades, and brute force attacks.

BUT, now I understood, you have to create a new password for the members who did get out of the DB, and email him/her.

Is there a way when a passwrd het blocked, an email is send automatically to the "real"member, and in this email, the reason, and the new passwrd is included?

Andre

Danielle · 01-23-2003, 03:34 AM

That's not really a good idea if you use pennywize or even our product Stop That Hacker http://www.stopthathacker.com

For the following reason.

Once you stop brute force attacks 99.99% of all your password sharing is from the member giving out his password or from credit card fraud. So why email him a new password so he can give it out again? Make him explain why he gave it out in the first place.

Plus most password sharring ends up in a chargeback anyway.

So kill the account. Kill the rebilling and forget it.

Hugs,
Danielle

salsbury · 01-23-2003, 05:16 AM

i'd suggest letting them reset their password up to twice, and then after that, have them explain it. send them an e-mail with a link they have to click to reset the password and everything. maybe even generate the password for them at that point.

goBigtime · 01-23-2003, 05:19 AM

Quote:

Originally posted by Danielle

So kill the account. Kill the rebilling and forget it.

Great advice

justsexxx · 01-23-2003, 05:58 AM

Quote:

Originally posted by Danielle
That's not really a good idea if you use pennywize or even our product Stop That Hacker http://www.stopthathacker.com

For the following reason.

Once you stop brute force attacks 99.99% of all your password sharing is from the member giving out his password or from credit card fraud. So why email him a new password so he can give it out again? Make him explain why he gave it out in the first place.

Plus most password sharring ends up in a chargeback anyway.

So kill the account. Kill the rebilling and forget it.

Hugs,
Danielle

I don't agree on that. Also Brute password hackers do get the passwords of the legit members. Killing them would be stupid then!

BTW your program, why is that better then pennywize? You have sites using your script?(because the price is so low, and the design of your site is not so good, makes me suspicious. A demo would be great

ANdre

JimW · 01-23-2003, 09:20 AM

what are you thoughts on the effectiveness of http://www.passwdcop.com/

?

justsexxx · 01-23-2003, 09:50 AM

Quote:

Originally posted by JimW
what are you thoughts on the effectiveness of http://www.passwdcop.com/

?

Looks like it only protects you from password traders. I don't see anything over 3 failed logins etc...

500 dollar looks a bit pricey to me for that feature....

Andre

CrazyNakedChick · 01-23-2003, 09:56 AM

i tried pennywize about 4 years ago or so, stopped using them.

i didn't like the way they jerked my 401 traffic to their benefit -
ads pages. their service works well, i just thought paying them *and* giving them hits to their 401 pages excessive....even if it is crap traffic. ;)

they may have stopped taking everyone's 401 traffic by now, for the record i can't say as it's been years since i messed with them.

Jizar II · 01-23-2003, 10:10 AM

Quote:

Originally posted by justsexxx

Is there a way when a passwrd het blocked, an email is send automatically to the "real"member, and in this email, the reason, and the new passwrd is included?

Andre

I think this is a great idea, and I was actually in the middle of getting such an solution made, I think the easiest way is to have the member info in a DB.. so you can keep track of how many times you have issued a new pass ect. I also disagree with Danialle.. killing all blocked accounts would be very stupid.. in our case most of these are legit users who never get blocked again after we give them a new password.

OneHungLo · 01-23-2003, 10:24 AM

Quote:

Originally posted by Danielle
That's not really a good idea if you use pennywize or even our product Stop That Hacker http://www.stopthathacker.com

For the following reason.

Once you stop brute force attacks 99.99% of all your password sharing is from the member giving out his password or from credit card fraud. So why email him a new password so he can give it out again? Make him explain why he gave it out in the first place.

Plus most password sharring ends up in a chargeback anyway.

So kill the account. Kill the rebilling and forget it.

Hugs,
Danielle

Not even close...99% is from hackers hacking the password file and stealing the passwords.

justsexxx · 01-23-2003, 01:38 PM

No programs capable of doing that?

Andre

boldy · 01-23-2003, 01:57 PM

I once wrote a possible solution for free

http://www.kimhollandcash.com/bforce.php

tata ..

BrutalMaster · 01-23-2003, 03:09 PM

Pennywize now lets you direct the failed logins to a different URL.

I use Pennywize, these days I simply wouldn't be without some sort of password trader/brute force protection.

What I've been doing is killing the accounts of people who obviously have compromised passwords and sending them an E-mail asking them to get in touch so I can issue them a new ID/PW. I've found that the people how get in touch never seem to have another problem, leading me to believe their ID/PW was hacked by someone else, not traded by them. The ones who don't get in touch (who have also been consistently the ones with PW/IDs coming form the most subnets) tend to chargeback.

The conclusion is that the worst offenders buy a site, then trade that PW/ID on a board, and when they get caught, they charge back.

Again, another example of VISA and MC not giving a shit about people who are just criminals as long as they are cardholders.

Brutal

Danielle · 01-23-2003, 09:47 PM

justsexxx,

We have sold tons of copies at over $300.00 and never had a complaint. Yes the site design sucks. LOL The program has been around a long time. Stop That Hacker runs 100% on YOUR server! So you don't have to worry about the other guy being down.

The price was reduced so no one with a paysite could ever say they can't afford a password hacking solution.

Not sure about the others but ours stops HEAD brute force attacks at 0 tries! If a head request (The most popular type of brute force hacking) is received to a protected area it is sent to /dev/null and not even responded to.

OneHungLo,

If the hackers are getting your passwords what ever you are using to stop brute force attacks must really suck.

Or are you forgeting to protect things like formmail.pl on your site?

Hugs,
Danielle

wwwcashmountain · 01-23-2003, 09:58 PM

Hi

We use pennywize on all our sites, it's teriffic, and i would hate to live without some kind of protection.

Their new version 3 allows you to redirect all your abused traffic to a URL of your choice - which is pretty kewl. It's only 401 traffic, but still.

Their version 3 one has way improved brute force protection too - Steve showed me how it worked once and it was a real eye opener. Anyway that's my $0.02!

thanks,

Robert

justsexxx · 01-24-2003, 12:16 AM

Quote:

Originally posted by Danielle
justsexxx,

We have sold tons of copies at over $300.00 and never had a complaint. Yes the site design sucks. LOL The program has been around a long time. Stop That Hacker runs 100% on YOUR server! So you don't have to worry about the other guy being down.

The price was reduced so no one with a paysite could ever say they can't afford a password hacking solution.

Not sure about the others but ours stops HEAD brute force attacks at 0 tries! If a head request (The most popular type of brute force hacking) is received to a protected area it is sent to /dev/null and not even responded to.

OneHungLo,

If the hackers are getting your passwords what ever you are using to stop brute force attacks must really suck. Or are you forgeting to protect things like formmail.pl on your site?

Hugs,
Danielle

Okay, well I'm not a security expert

Can I email you, or talk with you on ICQ?

Andre

drunkdollars · 01-24-2003, 12:20 AM

proxie-pass.com

I think I post this once a week It saved us from a $1000 a day hacked pass problem

Danielle · 01-24-2003, 02:40 AM

justsexxx,

I can do one better. My husband created the script. You can reach him at [email protected]

I told him to expect your email.

Hugs,
Danielle

justsexxx · 01-24-2003, 04:27 AM

Quote:

Originally posted by Danielle
justsexxx,

I can do one better. My husband created the script. You can reach him at [email protected]

I told him to expect your email.

Hugs,
Danielle

Okay

I mail you later today

Andre

01-23-2003, 03:27 AM	#1
justsexxx Too lazy to set a custom title Join Date: Aug 2001 Location: The Netherlands Posts: 13,723	Hack protection-->pennywize addon would be nice, is this already in the market? Hi, Question, I'm thinking of using pennywize for protections against password trades, and brute force attacks. BUT, now I understood, you have to create a new password for the members who did get out of the DB, and email him/her. Is there a way when a passwrd het blocked, an email is send automatically to the "real"member, and in this email, the reason, and the new passwrd is included? Andre __________________ Questions? ICQ: 125184542

01-23-2003, 05:16 AM	#3
salsbury Confirmed User Join Date: Feb 2002 Location: Seattle Posts: 1,070	i'd suggest letting them reset their password up to twice, and then after that, have them explain it. send them an e-mail with a link they have to click to reset the password and everything. maybe even generate the password for them at that point. __________________

01-23-2003, 01:38 PM	#11
justsexxx Too lazy to set a custom title Join Date: Aug 2001 Location: The Netherlands Posts: 13,723	No programs capable of doing that? Andre __________________ Questions? ICQ: 125184542

01-23-2003, 01:57 PM	#12
boldy Macdaddy coder Industry Role: Join Date: Feb 2002 Location: MacDaddy pimp coder Posts: 2,806	I once wrote a possible solution for free http://www.kimhollandcash.com/bforce.php tata .. __________________ MacDaddy Coder.

01-23-2003, 03:09 PM	#13
BrutalMaster Confirmed User Join Date: Oct 2002 Location: New England, US Posts: 256	Pennywize now lets you direct the failed logins to a different URL. I use Pennywize, these days I simply wouldn't be without some sort of password trader/brute force protection. What I've been doing is killing the accounts of people who obviously have compromised passwords and sending them an E-mail asking them to get in touch so I can issue them a new ID/PW. I've found that the people how get in touch never seem to have another problem, leading me to believe their ID/PW was hacked by someone else, not traded by them. The ones who don't get in touch (who have also been consistently the ones with PW/IDs coming form the most subnets) tend to chargeback. The conclusion is that the worst offenders buy a site, then trade that PW/ID on a board, and when they get caught, they charge back. Again, another example of VISA and MC not giving a shit about people who are just criminals as long as they are cardholders. Brutal __________________ "Don't worry, I won't bite...oh, wait a minute, I forgot, yes I will." www.brutalmaster.com

01-23-2003, 03:34 AM	#2
Danielle Confirmed User Join Date: Jun 2002 Location: My Coffin Posts: 1,227	That's not really a good idea if you use pennywize or even our product Stop That Hacker http://www.stopthathacker.com For the following reason. Once you stop brute force attacks 99.99% of all your password sharing is from the member giving out his password or from credit card fraud. So why email him a new password so he can give it out again? Make him explain why he gave it out in the first place. Plus most password sharring ends up in a chargeback anyway. So kill the account. Kill the rebilling and forget it. Hugs, Danielle

01-23-2003, 09:20 AM	#6
JimW Confirmed User Join Date: Dec 2002 Location: Dallas, TX Posts: 422	what are you thoughts on the effectiveness of http://www.passwdcop.com/ ?

01-23-2003, 09:56 AM	#8
CrazyNakedChick Confirmed User Join Date: Mar 2002 Location: Infidelville Posts: 1,902	i tried pennywize about 4 years ago or so, stopped using them. i didn't like the way they jerked my 401 traffic to their benefit - ads pages. their service works well, i just thought paying them and giving them hits to their 401 pages excessive....even if it is crap traffic. ;) they may have stopped taking everyone's 401 traffic by now, for the record i can't say as it's been years since i messed with them.

01-23-2003, 09:47 PM	#14
Danielle Confirmed User Join Date: Jun 2002 Location: My Coffin Posts: 1,227	justsexxx, We have sold tons of copies at over $300.00 and never had a complaint. Yes the site design sucks. LOL The program has been around a long time. Stop That Hacker runs 100% on YOUR server! So you don't have to worry about the other guy being down. The price was reduced so no one with a paysite could ever say they can't afford a password hacking solution. Not sure about the others but ours stops HEAD brute force attacks at 0 tries! If a head request (The most popular type of brute force hacking) is received to a protected area it is sent to /dev/null and not even responded to. OneHungLo, If the hackers are getting your passwords what ever you are using to stop brute force attacks must really suck. Or are you forgeting to protect things like formmail.pl on your site? Hugs, Danielle

01-23-2003, 09:58 PM	#15
wwwcashmountain Confirmed User Join Date: Dec 2002 Posts: 194	Hi We use pennywize on all our sites, it's teriffic, and i would hate to live without some kind of protection. Their new version 3 allows you to redirect all your abused traffic to a URL of your choice - which is pretty kewl. It's only 401 traffic, but still. Their version 3 one has way improved brute force protection too - Steve showed me how it worked once and it was a real eye opener. Anyway that's my $0.02! thanks, Robert __________________ SIG TOO BIG! Maximum 120x60 button and no more than 3 text lines of DEFAULT SIZE and COLOR. Unless your sig is for a GFY top banner sponsor, then you may use a 624x80 instead of a 120x60.

01-24-2003, 12:20 AM	#17
drunkdollars Confirmed User Join Date: Apr 2002 Location: Club Drunk Posts: 2,734	proxie-pass.com I think I post this once a week It saved us from a $1000 a day hacked pass problem __________________ SIGS ARE GAY 98055668 icq

01-24-2003, 02:40 AM	#18
Danielle Confirmed User Join Date: Jun 2002 Location: My Coffin Posts: 1,227	justsexxx, I can do one better. My husband created the script. You can reach him at [email protected] I told him to expect your email. Hugs, Danielle