Redirecting Password sharing sites

[Nurgle]

Hi there all

I run a couple of small paysites, and was unfortunate enough to get a password listed on ultrapasswords.com etc

now using .htaccess i would have assumed I could easily redirect these arsewhipes

=
RewriteEngine On
RewriteCond %{HTTP_REFERER} ^http://www.ultrapasswords.com/.*$ [NC]
ReWriteRule .* http://www.nasty-domain-hell.com/ [R,L]
AuthUserFile ........
AuthGroupFile /dev/null
AuthName "Hello"
AuthType Basic

require valid-user
=
Using the above doesnt seem to work.. and i wonder if its due to the link being in the format http://username:[email protected]. I always get a login box of the members area instead of being redirected

Is anyone able to offer any help on how i can redirect without them being prompted with a login box?

Nurgle

[AnnihilaT]

dude...take the traffic...it actually will convert. just kill the pass so they get redirected to your 401 page advertising some of your sites.

[Nurgle]

Thats what i wanted to do.. but redirect them straight to my front page or whatever.... without them trying to authenticate...

Nurgle

[Hooper]

redirect them to http://www.freepassesnow.com and make 25 per signup.

it works like a charm.

[andi_germany]

Try Iprotect. The prog will shut down the usernames and forwards the traffic where you want.

[Nurgle]

ok Andi i will take a look

Im suprised no one has replied with a good .htaccess that redirects all the password lists sites.. someone must use one??


Nurgle

[DirkPitt]

Quote:

Originally posted by Hooper
redirect them to http://www.freepassesnow.com and make 25 per signup.

it works like a charm.

How do you get signed up for this?

[DirkPitt]

I redirect traffic to a suspended htm page but after the sentry security script suspends the user. Sorry if this does not help.

[Nurgle]

no .htaccess experts around that may be able to help?

Nurgle

[Danielle]

Install Stop That Hacker and forget about it. http://www.stopthathacker.com

It stops the brute force attacks before the hacker can steal your passwords 99.9% of the time. If the hacker is using HEAD attacks it can stop them 100% of the time.

And if a member gives his password out or a hacker buys a membership using a stolen credit card Stop That Hacker will detect password abuse and kill the password.

Then just redirect the bad password attempts to what ever page you want. Make you a small fake members area upselling the hell out of your main members area.

Hugs,
Danielle

[cash69]

not gonna work.. gotta have it go by username... if more then 3 ip's login to the same username within 12 hours.. lock that shit up for a day or 2 and have it email them and tell them what's up

[Nurgle]

I use an abuse type script to tell me when a username is being abused.. but with htaccess i should be able to redirct the password sites anyway... and its that im trying to acheive ;)

Nurgle

[p00p]

Quote:

Originally posted by Nurgle
no .htaccess experts around that may be able to help?

Nurgle

Nurgle, the problem with your request is there are so many password sites. .htaccess will work, but that file will be huge. Here is an example:

RewriteEngine On

RewriteCond %{HTTP_REFERER} http://ultrapasswords.com [NC,OR]
RewriteCond %{HTTP_REFERER} http://www.ultrapasswords.com [NC]
RewriteRule /* http://www.yoursite.com [R,L]

Obviously you will have to add to it. And no spaces between the lines

[Nurgle]

Mate when i tried that.. the issue i found is that the user was still prompted to enter their password (if i changed the password of the "hacked" user.

They dont get redirected BEFORE a login attempt.

Or have i just fucked it up?

Nurgle

[p00p]

Quote:

Originally posted by Nurgle
Mate when i tried that.. the issue i found is that the user was still prompted to enter their password (if i changed the password of the "hacked" user.

They dont get redirected BEFORE a login attempt.

Or have i just fucked it up?

Nurgle

It should redirect to the page you want. If you didn't get an apache error (500 internal server error) then the .htaccess should be working.

How about this....why not just redirect the password being shared? You can use .htaccess to redirect usernames.

[p00p]

Also, about that .htaccess I gave you.

Try a couple of things. Don't put it in your members area .htaccess file. Try putting it in your root directory where all your public pages are.

[Nurgle]

AHh thanks.. will give that a go.. also i didnt know you could redirect usernames.. so thats something to check out!

cheers mate

Nurgle

[<IMX>]

Tranny House *Tranny *likewhoa *isdown

!LOL

[p00p]

Quote:

Originally posted by Nurgle
AHh thanks.. will give that a go.. also i didnt know you could redirect usernames.. so thats something to check out!

cheers mate

Nurgle

I have a lot of fun with this one.

RewriteEngine on
RewriteCond %{REMOTE_USER} user1 [OR]
RewriteCond %{REMOTE_USER} user2 [OR]
RewriteCond %{REMOTE_USER} user3
RewriteRule /* http://www.yoursite.com [R,L]

Put it in the .htaccess file in your members area. Send a password to ultrapasswords, when you get listed, add password to your .htaccess, redirect the surfer to a pay per click program, a toplist etc.
Just make sure you catch the password site when it is listed, or you are major fucked.....
I think this is such a cool thing, I may start my own thread on redirecting usernames

[Nurgle]

I can imagine.. i got fucked big time.. i only found out by accident my site was compromised the first time hehehe!

I will play around with that and see how i go

Nurgle

[PxG]

Nurgle,

Check out www.proxypass.com ...it will eliminate your problems all together.



L

[KRL]

Are you nuts? That's great traffic. You can turn that into money easily!!