How do password trading sites get the passwords?

Collapse
X
 
  • Time
  • Show
Clear All
new posts
  • Lord Voldemort
    Confirmed User
    • Nov 2008
    • 181

    #1

    How do password trading sites get the passwords?

    Several passwords were traded for my partner's site and he ended up with over $1000 in bandwidth overage fees. All the passwords were legitimate passwords in the htpassword file, created on very different dates from IPs in different countries, so we're wondering how the hell those fuckers got the passwords.
    Anybody knows?
    You can't buy love. But you can adopt!
  • MakingItPay
    Confirmed User
    • Feb 2005
    • 1922

    #2
    They sometimes hack your server. Members share them, etc. But you gotta pony up the money to have a proxypass or phantomfrog to keep these jerks from eating you up. It is well worth it.
    Giant Boob High Def Trifectas
    http://www.TrifectaBucks.com

    3D Super Sites that Sell
    http://www.ThrillBucks.com

    Giant Boobs Anyone?
    http://www.MakingitPay.com

    ICQ me at 213177906

    Comment

    • bean-aid
      So Fucking Banned
      • Jun 2011
      • 16493

      #3
      Teencat would know.

      Plus he should be protecting his server for multiple logins, ask around. Several good options

      Comment

      • alias
        aliasx
        • Apr 2001
        • 19010

        #4
        Brute force with proxies using word lists is one way.
        https://porncorporation.com

        Comment

        • BNMedia
          Confirmed User
          • Nov 2009
          • 433

          #5
          Do your self a favour and get Strongbox. Could have saved you the $1000 overage!
          They will also upgrade the encryption (if you ask them) to make the password file much harder to hack ;-)
          Speak to Ray Morris, Raymor on here I think.
          ---------------------------------------------------------
          Webmaster of www.kinkykicks.net - Your 1 stop resource for ballbusting and cruel sexual femdom.
          Join our affiliate program at www.cash4kicks.com

          Comment

          • Roald
            SecretFriends.com
            • May 2001
            • 27910

            #6
            is your partner using some sort of protection like strongbox?


            WE ARE BUYING PAY SITES! CONTACT ME



            ClubSweethearts | ManUpFilms | SinfulXXX | HOT * AdultPrime * HOT


            Paying webmasters since 1996! Contact: r.riepen @ sansylgroup.com | telegram: roaldr

            Comment

            • spazlabz
              Confirmed User
              • Jul 2003
              • 6548

              #7
              Originally posted by alias
              Brute force with proxies using word lists is one way.
              pretty common for the script kiddie crowd

              Comment

              • x-rate
                Confirmed User
                • Jun 2008
                • 725

                #8
                It's say by itself.... they trade it! :P
                Have quality traffic? Make money with Crakrevenue
                Email: misterxmtl @ hotmail.com
                Skype: misterxmtl

                Comment

                • AdultEUhost
                  ORLY?
                  • Oct 2005
                  • 2579

                  #9
                  Of course every case is different but mostly people really sign up and either download the entire members area to upload it on torrents etc or they publish the login on a password forum. Mostly because they want to be cool or keep a good reputation on these forums.
                  ICQ: 267-443-722 / leon [at] adulteuhost [dotcom]

                  Nominated for an XBIZ Award as "Webhost of the Year" in 2007, 2012, 2013 and 2014

                  Comment

                  • fris
                    Too lazy to set a custom title
                    • Aug 2002
                    • 55693

                    #10
                    i dont feel sorry for companies that still use htaccess and pennywize, its their own fault.
                    Since 1999: 69 Adult Industry awards for Best Hosting Company and professional excellence.

                    Comment

                    • Adult Insider Dave
                      Confirmed User
                      • Jun 2005
                      • 533

                      #11
                      Originally posted by Lord Voldemort
                      Several passwords were traded for my partner's site and he ended up with over $1000 in bandwidth overage fees. All the passwords were legitimate passwords in the htpassword file, created on very different dates from IPs in different countries, so we're wondering how the hell those fuckers got the passwords.
                      Anybody knows?
                      Hack attempts at your server is the most common I would say based on what I've seen. We implemented a lot of different ways to help prevent this on our backends including when a login is used from more that X number of IP's they get disabled. This will fix most of the overage problems, since when a password is shared on most of this shit sites you'll see a flood of logins with the same user from multiple IP's within a matter of minutes/hours.

                      Often times though you need to be aware that a legit member could be effected so you need to change their user/pass and get it to them ;)
                      Promote our penis growth and acne books, earn 75% on sales and rebills.

                      Contact me if you want a custom backend like Pornstarbucks and Freenetpass integrated with any billing gateway:

                      Comment

                      • Adult Insider Dave
                        Confirmed User
                        • Jun 2005
                        • 533

                        #12
                        Also be aware that if you offer a free or low cost trial there is a greater chance that the password is bought just to share with their group. Keep your eye on those ;)
                        Promote our penis growth and acne books, earn 75% on sales and rebills.

                        Contact me if you want a custom backend like Pornstarbucks and Freenetpass integrated with any billing gateway:

                        Comment

                        • lucas131
                          ¯\_(ツ)_/¯
                          • Aug 2004
                          • 11475

                          #13
                          rich people buy memberships, they share maximum with close friends. nobody is sharing his own membership in public, not anymore. all logins are hacked, from database, from emails, or from pay gateways. if you see traffic on your logins, put the login into google and see how much results will show up. if no login, mostly you are hacked, check your database and server logs and so, fill the holes. if you see hacked combos in google, paying owner is using the same combo to every site he buy. all is going from private, hacker are hacking databases, some rats are stealing the databases and put them public, there some self called hackers runs machines with proxies and trying to use the combos to every site where it is possible. so, at the end, it is fault of the site that it is opened, hacked, or it has low security, and having low security today is like sharing your password in your sig. enjoy, i mean, have luck

                          Comment

                          • Fenris Wolf
                            Confirmed User
                            • Nov 2005
                            • 1060

                            #14
                            If you are using an old fashioned .htpasswd file that's only encrypted with the most common method, that's an algorithm called DES which is next to worthless. If those DES encrypted passwords are based on English words, which they normally are if you let your users choose their own passwords, a cracker can decrypt many of those passwords within seconds. You'll want to secure your passwords better than that.

                            First, how to know if this is a problem for you: 1) If you let users choose their own passwords you have a problem. 2) If your database or password file has the passwords in it in clear text you have a problem. 3) If each line of your password file has the user name, a colon, then 13 characters you have a problem. 4) If any of 1-3 applies to you and you run PHP scripts, you probably have a bigger problem.

                            PHP scripts make the problem worse because most of them, including most of the most popular ones, include a security hole that will let the attacker download your password list or database. So especially if you use PHP you'll want to be sure your password list is not easily cracked.

                            DES encryption, used in most .htpasswd files, is no longer effective. I've run a cracker program against some customers' password lists and indeed I was able to crack many passwords in seconds. Part of the reason it's so weak is that it only uses the first 8 characters of the password. With user chosen passwords the first 8 characters are often found in a crackers dictionary because they choose passwords based on English words.
                            You can read more at https://www.bettercgi.com/strongbox/passgen/ and when you are done reading have your friend get Strongbox. It will be the best $159.00 he will ever spend.
                            Last edited by Fenris Wolf; 12-15-2011, 05:08 PM.
                            Email: fenris_wolf3000 (a t ) yah00 . c 0 m

                            Comment

                            • Lace
                              Too lazy to set a custom title
                              • Mar 2004
                              • 16116

                              #15
                              Originally posted by lucas131
                              rich people buy memberships, they share maximum with close friends. nobody is sharing his own membership in public, not anymore. all logins are hacked, from database, from emails, or from pay gateways. if you see traffic on your logins, put the login into google and see how much results will show up. if no login, mostly you are hacked, check your database and server logs and so, fill the holes. if you see hacked combos in google, paying owner is using the same combo to every site he buy. all is going from private, hacker are hacking databases, some rats are stealing the databases and put them public, there some self called hackers runs machines with proxies and trying to use the combos to every site where it is possible. so, at the end, it is fault of the site that it is opened, hacked, or it has low security, and having low security today is like sharing your password in your sig. enjoy, i mean, have luck
                              Ding, ding, ding. Brute force is so 2001.
                              Your Paysite Partner
                              Strength In Numbers!
                              StickyDollars | RadicalCash | KennysPennies | HomegrownCash

                              Comment

                              Working...