|
|
|
|
||||
|
Welcome to the GoFuckYourself.com - Adult Webmaster Forum forums. You are currently viewing our boards as a guest which gives you limited access to view most discussions and access our other features. By joining our free community you will have access to post topics, communicate privately with other members (PM), respond to polls, upload content and access many other special features. Registration is fast, simple and absolutely free so please, join our community today! If you have any problems with the registration process or your account login, please contact us. |
 |
|
|||||||
| Discuss what's fucking going on, and which programs are best and worst. One-time "program" announcements from "established" webmasters are allowed. |
|
|
Thread Tools |
02-20-2003, 06:25 AM
|
#1 |
|
Confirmed User
Join Date: Feb 2003
Posts: 276
|
Hacked Passwords Are Over, Let the Spoofs Begin
About a year ago I noticed this pirate program called Zspoof, which basically fakes the referring url on htaccess and gives total access to a site.
Well, it's all over the pirate boards now, and they love it because the spoofs last a lot longer than hacked passwords which, with a few exceptions, tend to die pretty quickly. The scariest thing is --- as far as I know --- there is no fix for Zspoof whatsoever, except dumping htaccess. A real nightmare for the content providers, among others. |
|
|
|
02-20-2003, 06:28 AM
|
#2 |
|
No Refunds Issued.
Industry Role:
Join Date: Feb 2001
Location: GFY
Posts: 28,300
|
woo hoo !! free porn !!
|
|
|
|
|
02-20-2003, 06:30 AM
|
#3 | |
|
Confirmed User
Join Date: Feb 2003
Posts: 276
|
Quote:
But I forgot there are so many thieves here. Fuck it. |
|
|
|
|
|
02-20-2003, 06:41 AM
|
#4 |
|
No Refunds Issued.
Industry Role:
Join Date: Feb 2001
Location: GFY
Posts: 28,300
|
|
|
|
|
|
02-20-2003, 06:43 AM
|
#5 |
|
Confirmed User
Join Date: Sep 2002
Posts: 2,057
|
spoofing and the progs to do it have been around for a while....and yes there is a way to prevent it.
basically someone needs to know their target in order to spoof....if you dont publish the target then you've made it a bit harder for anyone to spoof you. if you publish a members login on the web then dont use a members location that is easy to guess. eventually though, if someone really wants in they will get in....most likely by carding your site and finding your members url. |
|
|
|
|
02-20-2003, 06:45 AM
|
#6 |
|
Confirmed User
Join Date: May 2002
Location: StatsRemote.com
Posts: 1,804
|
Programs like this have been out there for years... it's really easy to fake the referral URL...
__________________
|
|
|
|
|
02-20-2003, 06:48 AM
|
#7 | |
|
Confirmed User
Join Date: Feb 2003
Posts: 276
|
Quote:
|
|
|
|
|
|
02-20-2003, 06:50 AM
|
#8 |
|
Confirmed User
Join Date: Feb 2003
Posts: 276
|
Edit
|
|
|
|
|
02-20-2003, 07:12 AM
|
#9 | |
|
Confirmed User
Join Date: Feb 2003
Posts: 276
|
Quote:
It probably helps a little, but not much. I've seen pirates use a hacked password to get the members' location. Then, once they have the location for the spoof, it doesn't matter if the password dies quickly. And, of course, once they post the spoof, no one needs to bother with a password again. |
|
|
|
|
|
02-20-2003, 07:19 AM
|
#10 |
|
Registered User
Join Date: Feb 2003
Posts: 3
|
Protecting on referer is a bad idea anyway imho.
Because the referer is sent from the client side, the client will always be able to spoof it. You also saw this with formmail being abused by spammers, it only relied on the referer  I suggest content providers to move to some other form of authentication, unless the amount of spoofers is low enough to still make a good profit, however with this 'teqnique' getting more and more known the amount of spoofers will rise.. |
|
|
|
