Old 03-13-2003, 04:44 AM   #1
cafeaulait
Confirmed User
 
Join Date: Jun 2002
Posts: 587
Got feeds in your paysite? Check this.

You probably already know this, but I just found out so......

Most paysite feeds use simple referer-based security to say that the link actually came from your members area. I just downloaded this little ZSpoof tool and was able to access every single one of my feeds from outside my members area.

It's fucking scary to think how many other people can do this, either guess or just sign up to a site once, copy all the feed links into ZSpoof and then cancel and you've got access to all of the feeds for life!



Why can't feeds providers put better security in place????

Last edited by cafeaulait; 03-13-2003 at 05:07 AM..
Old 03-13-2003, 04:54 AM   #2
ServerGenius
Confirmed User
 
Join Date: Feb 2002
Location: Amsterdam
Posts: 9,377
Remove the link please......just mention the program, don't
actually give it to all the kiddies that lurk around here.

Referrer protection sucks, it's so easy to fake. In a 10 line
perl/php script you can write a header that has fake referrer info

DynaMite
__________________
| http://www.sinnerscash.com/ | ICQ: 370820 | Skype: SinnersCash | AdultWhosWho |
Old 03-13-2003, 04:55 AM   #3
quiet
we'll miss you our friend. RIP
 
Join Date: Sep 2001
Location: Fernie, BC
Posts: 25,115
Quote:
Originally posted by DynaSpain
Remove the link please......just mention the program, don't
actually give it to all the kiddies that lurk around here.

Referrer protection sucks, it's so easy to fake. In a 10 line
perl/php script you can write a header that has fake referrer info

DynaMite
too late
Old 03-13-2003, 04:58 AM   #4
ServerGenius
Confirmed User
 
Join Date: Feb 2002
Location: Amsterdam
Posts: 9,377
It's something you should be very wary of. Most plugin providers
bill you for bandwidth. If people start to use these kind of programs, and fake your referrer then you will get a fucking nice
bill at the next pay period.

DynaMite
__________________
| http://www.sinnerscash.com/ | ICQ: 370820 | Skype: SinnersCash | AdultWhosWho |
Old 03-13-2003, 05:21 PM   #5
Hentaikid
Confirmed User
 
 
Join Date: Nov 2002
Posts: 1,249
Can't you combine both? A login page that can only be accessed from the referrer and a password displayed above the link in the referring paysite's member area.
Old 03-13-2003, 05:24 PM   #6
G Sharp
So Fucking Banned
 
Join Date: May 2002
Posts: 1,343
A particularly notorious spoofer P___________s has been around for awhile. You'd think that big feeds providers like holio, socal, etc would plug this revenue leak up?
Old 03-13-2003, 07:15 PM   #7
SNIPER
Confirmed User
 
Join Date: Mar 2001
Location: Wherever my laptop is.
Posts: 410
Man that is SO OLD! Almost prehistoric lol GET IT ...
Anyways...here is a smarter way of stopping his operations. I did it once before I would do it again, but I don't have the time.

All those programs he is promoting...I contacted....let them know that they are sponsoring A THIEF ..and what ya know the boy doesn't have two pennies to rub together. The site goes down and eventually it comes back.

WHY?

Because some CONTENT PROVIDERS, decide to work with the fucker and get 1-1 shows and shit from him. SO YOU SEE A BANNER IN HIS PROGRAM and YOU WANT TO DO SOMETHING ABOUT IT..... Contact the rev share place and let them know that unless they remove him from their list that you will be posting their names in here! and everywhere else you post.

WHEN YOU SUPPORT A THIEF YOU ARE A THIEF!


__________________


Face Like an Angel, but Makes More Deals than the Devil }:-)
Old 03-14-2003, 10:21 AM   #8
ronaldo
Confirmed User
 
Join Date: Jan 2002
Location: ICQ#: 272000271
Posts: 5,475
Quote:
Originally posted by cafeaulait
You probably already know this, but I just found out so......

Most paysite feeds use simple referer-based security to say that the link actually came from your members area. I just downloaded this little ZSpoof tool and was able to access every single one of my feeds from outside my members area.

It's fucking scary to think how many other people can do this, either guess or just sign up to a site once, copy all the feed links into ZSpoof and then cancel and you've got access to all of the feeds for life!



Why can't feeds providers put better security in place????
Very interesting that someone should bring this up.

We're in the process of developing a script that will protect against this. The problem will be convincing paysite owners that they have to put OUR script on their server.

We're releasing 23 feeds on April 1, but we don't think the script will be ready until May 1.
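An added example, not part of the thread and not any feed provider's actual script: the Referer check discussed above next to one common replacement, a link that the paysite's server signs with HMAC and that expires, so a copied link stops working after the member cancels. The key, URL layout and function names are assumptions made up for the illustration.

```python
import hashlib
import hmac
import time
from urllib.parse import parse_qs, urlencode, urlsplit

# Constructed values for illustration; none of them come from the thread.
SHARED_KEY = b"constructed-key-shared-by-paysite-and-feed-provider"
MEMBERS_AREA = "https://paysite.example/members/"


def referer_check(headers):
    """The weak control from the thread: trusts a header the client sets."""
    return headers.get("Referer", "").startswith(MEMBERS_AREA)


def _mac(feed_id, member_id, expires, key):
    msg = f"{feed_id}|{member_id}|{expires}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def sign_link(feed_id, member_id, ttl=300, now=None, key=SHARED_KEY):
    """Paysite side: mint a short-lived link while rendering the members page."""
    expires = int(time.time() if now is None else now) + ttl
    sig = _mac(feed_id, member_id, expires, key)
    return f"/feed/{feed_id}?" + urlencode({"m": member_id, "e": expires, "s": sig})


def verify_link(url, now=None, key=SHARED_KEY):
    """Feed provider side: check signature, then expiry, before serving."""
    parts = urlsplit(url)
    feed_id = parts.path.rsplit("/", 1)[-1]
    query = parse_qs(parts.query)
    try:
        member_id, expires, sig = query["m"][0], query["e"][0], query["s"][0]
    except KeyError:
        return "missing-field"
    expected = _mac(feed_id, member_id, expires, key)
    if not hmac.compare_digest(expected.encode(), sig.encode()):
        return "bad-signature"
    # Only reached for values the paysite signed, so expires is an integer.
    if (time.time() if now is None else now) > int(expires):
        return "expired"
    return "ok"
```

Because the member id is part of the signed message, the feed provider can also log or block a specific account whose links show up from many clients.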
Old 03-14-2003, 10:24 AM   #9
ronaldo
Confirmed User
 
Join Date: Jan 2002
Location: ICQ#: 272000271
Posts: 5,475
Quote:
Originally posted by DynaSpain
It's something you should be very wary of. Most plugin providers
bill you for bandwidth. If people start to use these kind of programs, and fake your referrer then you will get a fucking nice
bill at the next pay period.

DynaMite
We have NEVER surprised anyone with a bill like this and NEVER would. That is the reason for my post above.

Worst case you would have had notification of a price jump the next month. If, of course you balked at the price, we would look further into your bandwidth usage.

All of that will be a moot point soon.