Pennywize Questions - GoFuckYourself.com

Shoplifter · 02-17-2003, 03:14 AM

I Pennywized 4 of my sites last week and so far it is working pretty well. Judging from what I see now I would say that perhaps as much as 50% of my bandwidth was being used by stolen traffic. The brute force blocking has helped cut down the number of compromised new ID's as well.

The question is - If you are on the 399 login per day plan and you get 400 logins what happens? Does it cease to work until the next day?

SpaceAce · 02-17-2003, 03:18 AM

If you actually have 399 members logging in in a single day, can't you just afford the $170 unlimited plan?

SpaceAce

chupacabra · 02-17-2003, 03:18 AM

Shoplifter, is this the first time used used a script or package to protect against password trading, or is Pennywise replacing another solution on your box and works that much better than the previous script..?

BigFrog · 02-17-2003, 03:20 AM

this can be answered on the pennywize page.

pennywize still functions but doesnt block access i believe.

Shoplifter · 02-17-2003, 03:20 AM

Quote:

Originally posted by SpaceAce
If you actually have 399 members logging in in a single day, can't you just afford the $170 unlimited plan?

SpaceAce

Actually I went to upgrade plans but the only option is to buy a complete new plan and not merely upgrade the one I have had for only 4 days. My logins are at about 420 or so a day.

Shoplifter · 02-17-2003, 03:22 AM

Quote:

Originally posted by chupacabra
Shoplifter, is this the first time used used a script or package to protect against password trading, or is Pennywise replacing another solution on your box and works that much better than the previous script..?

Pennywize is my first. I have been under brutal attack from the Korean BBS crew for the past couple weeks.

PornoBug · 02-17-2003, 03:29 AM

I fail to see how Pennywize is worth the supposed extra benefit you would gain from using it. Surely there are free, basic things you can do yourself to bring password traders to their knees.

Three free methods I use which I am happy to share are:

1. Have a form which prompts people for their username before they are taken to the a page with a link to the htacess protected part of the site, this stops most brute force scripts dead.

2. Use simple cookies on the main members page which are required to see the page. More than one login from a single IP results in the cookie being invalidated.
A few lines of php and a mysql database are all that are required for this.

3. Fairly obviously, keep all your scripts for username & password generation safe. make sure proper file permissions are applied to these scripts and they are not stored in obvious places. if your processor (many do) lets you rename the add user cgi then use a name which is difficult to guess.

These methods are free and have prevented my sites from being abused by password traders.

BigFrog · 02-17-2003, 03:31 AM

if you want some help in dealing with the situation i can give you some pointers...

icq me
93437521

BigFrog · 02-17-2003, 03:34 AM

Quote:

Originally posted by Sexfind

1. Have a form which prompts people for their username before they are taken to the a page with a link to the htacess protected part of the site, this stops most brute force scripts dead.

#1 is basically useless....just ask AB

PornoBug · 02-17-2003, 03:38 AM

Quote:

Originally posted by BigFrog

#1 is basically useless....just ask AB

If it stops most password scripts which, judging from watching my logs daily, it does then it's not useless.

Anyway it's just one of a number of things you can do to minimise the chance of being raped by script kiddies.

Shoplifter · 02-17-2003, 03:40 AM

Quote:

Originally posted by Sexfind
I fail to see how Pennywize is worth the supposed extra benefit you would gain from using it. Surely there are free, basic things you can do yourself to bring password traders to their knees.

The main benefit of Pennywize in my case was that I could set it up in 10 minutes with no significant alterations to my sites. I'm going to study what happens for a little while and then see what I can do.

I know of a few sites that are now using DMR licenses for their movie files....I'm thinking along these lines to completely control content access even after media is downloaded. One site I have been watching now grants 3 day licenses only for each WMV file.

wwwcashmountain · 02-17-2003, 04:26 AM

Hey Shoplifter

Just chat to Steve @ Pennywize

I am sure you can just pay the difference by paypal or something - or he will probably just even give you free time.

Robert.

Petr · 02-17-2003, 04:30 AM

#2 means that your site will not work with dynamic proxies including AOL

02-17-2003, 04:26 AM	#12
wwwcashmountain Confirmed User Join Date: Dec 2002 Posts: 194	Hey Shoplifter Just chat to Steve @ Pennywize I am sure you can just pay the difference by paypal or something - or he will probably just even give you free time. Robert. __________________ SIG TOO BIG! Maximum 120x60 button and no more than 3 text lines of DEFAULT SIZE and COLOR. Unless your sig is for a GFY top banner sponsor, then you may use a 624x80 instead of a 120x60.

02-17-2003, 03:14 AM	#1
Shoplifter Richest man in Babylon Industry Role: Join Date: Jan 2002 Location: Posts: 10,002 Posts: 5,732	Pennywize Questions I Pennywized 4 of my sites last week and so far it is working pretty well. Judging from what I see now I would say that perhaps as much as 50% of my bandwidth was being used by stolen traffic. The brute force blocking has helped cut down the number of compromised new ID's as well. The question is - If you are on the 399 login per day plan and you get 400 logins what happens? Does it cease to work until the next day?

02-17-2003, 03:18 AM	#2
SpaceAce Confirmed User Join Date: Jul 2002 Location: Magrathea Posts: 6,493	If you actually have 399 members logging in in a single day, can't you just afford the $170 unlimited plan? SpaceAce

02-17-2003, 03:18 AM	#3
chupacabra Confirmed User Join Date: Sep 2002 Posts: 3,626	Shoplifter, is this the first time used used a script or package to protect against password trading, or is Pennywise replacing another solution on your box and works that much better than the previous script..?

02-17-2003, 03:20 AM	#4
BigFrog Confirmed User Join Date: Sep 2002 Posts: 2,057	this can be answered on the pennywize page. pennywize still functions but doesnt block access i believe.

02-17-2003, 03:29 AM	#7
PornoBug Confirmed User Industry Role: Join Date: Oct 2002 Location: Australia Posts: 237	I fail to see how Pennywize is worth the supposed extra benefit you would gain from using it. Surely there are free, basic things you can do yourself to bring password traders to their knees. Three free methods I use which I am happy to share are: 1. Have a form which prompts people for their username before they are taken to the a page with a link to the htacess protected part of the site, this stops most brute force scripts dead. 2. Use simple cookies on the main members page which are required to see the page. More than one login from a single IP results in the cookie being invalidated. A few lines of php and a mysql database are all that are required for this. 3. Fairly obviously, keep all your scripts for username & password generation safe. make sure proper file permissions are applied to these scripts and they are not stored in obvious places. if your processor (many do) lets you rename the add user cgi then use a name which is difficult to guess. These methods are free and have prevented my sites from being abused by password traders.

02-17-2003, 03:31 AM	#8
BigFrog Confirmed User Join Date: Sep 2002 Posts: 2,057	if you want some help in dealing with the situation i can give you some pointers... icq me 93437521

02-17-2003, 04:30 AM	#13
Petr Confirmed User Join Date: Mar 2002 Posts: 502	#2 means that your site will not work with dynamic proxies including AOL