Freeloaders! - GoFuckYourself.com

Pauper · 11-02-2003, 12:23 PM

I'm new to the board, but not to the biz.

I got a chargeback from a member subscription. When I checked the logs, I found that the user/pass was being used from multiple domains and IPs so I began digging. I found a listing on a bulletin board where the user/pass had been posted, along with several thousand others.

After some more digging, I found a few other BBS systems where other (current) passwords were also listed. Basically it amounted to almost half the traffic on the site was coming from freeloaders.

I've now started recoding part of the site to alert me when members login from more than a reasonable number of IPs or domains, or if I get logins to an account from countries other than the country where the membership is registered.

How do you guys deal with this problem? Is there a simpler way? I realise that slipping out free passes now and then can only be good advertising, but a lot of the people using these BBSs will never convert.

Oh, one last question: Can anyone recommend a good target site for popup hell that I can redirect these freeloaders to? Preferrably one that has NO exit loop!!!

Your thoughts appreciated.

Juicy D. Links · 11-02-2003, 12:24 PM

Why dont you use something like Pennywize?

ChumpChange · 11-02-2003, 12:29 PM

Next time post url's,please

MetaMan · 11-02-2003, 12:30 PM

one simpler solution would b using mixture of numbers and words that dont equal one.

like Q2dd3fc

some shit like that, remember they are brute forcing u most of the time, and the way one works is it uses huge txt files full of word + mixed words + tons of combination between letters and numbers.

a complex pass is harder to crack.
and the ones that arent brute forcing are cc frauding your site. and most cc fraud probly comes from a country like russia or china, redirect those people off your site using a geo target script.

that should solve some problems without in need of a major expensive script.

Cassie · 11-02-2003, 12:32 PM

i can put you in touch with a collection agency that may be able to helpif it ends up as a chargeback (refund); you have to have your own merchant account however. you would have to talk to the guy and explain your situation but the great thing about this company is that you can put "unpaid" funds (loss of debt) for the person in question against his credit report cause they deal with experian (and when a credit request is made, the 3 important companies are experian, trans union and equifax).

they also deal with customers who are international. they leave no country untouched.

see what we have to resort to because of scum customers?!!?!

if you want this company's info, icq me. that goes for anyone else as well.

btw i believe they can go back as far as 7 years. i know for some who have lost a merchant account, it doesnt do much but the pure satisfaction that this will end up on a persons credit report which could prevent them from say, ever buying a house, seems justified.

triumph · 11-02-2003, 12:34 PM

Just to let you know you are new to the biz also from your thread.

Pauper · 11-02-2003, 01:40 PM

Thanks guys.

The URL of the first one I found is http://austin.axg.net - take a look at the "Chickz" forum

I'll post the others up when I get chance, I have other fish to fry at the moment.

Thanks for the info on pennywize, but they don't do much more than I can do myself in PHP/MySQL, and without the overhead of a monthly payment to them. A few machine cycles on a high bandwidth server isn't a big deal, especially when it has access to the info already from the current logon and doesn't need to do much in the way of reverse lookups.

Metaman: Good idea, unfortunately the user/pass setup is all done by Verotel. I'm changing the scripting from that point of view so that users can change the pass when they need to which will allow me to enforce more secure passwords.

I did a lot of digging into the chargeback - the account was used from a kinkos (twice) and then started hitting the lists so I'm guessing that the card number was probably stolen, although it was probably a family member since they had to get at the security number on the card. I'm not going to chase that one too hard, but I am still digging through the lists to find out where auston.agx.net got it from since it was being hit before it was posted there.

Triumph: All depends on your point of view now, doesn't it?

Tuga · 11-02-2003, 01:58 PM

Quote:

Originally posted by triumph
Just to let you know you are new to the biz also from your thread.

fsfaz · 11-02-2003, 02:00 PM

Get a copy of Iprotect. It compiles into Apache and solves all your password troubles.

http://www.digital-concepts.net/cgi-iprotect.html

Pauper · 11-02-2003, 02:39 PM

Another freepass forum for you:
http://invisionfree.com/forums/XxXisrapass_forum

pantymaniac · 11-02-2003, 02:44 PM

welcome to 1950 !!

dude .. this problem is not new

you could not come anywhere posting passboards here

make your site unbrute forcable at all
and use pennywize style something...

some_idiot · 11-02-2003, 02:45 PM

Quote:

Originally posted by fsfaz
Get a copy of Iprotect. It compiles into Apache and solves all your password troubles.

http://www.digital-concepts.net/cgi-iprotect.html

He he he ... I would have to wonder about their skills.
Look at the date on your given link. (at the top in yellow)
They still haven't fixed their Y2K bugs.

tantalising · 11-02-2003, 05:26 PM

Check http://www.pennywize.com it is not that
expensive and you can redirect the naughty
hackers to any url you want.

fsfaz · 11-02-2003, 05:28 PM

Quote:

Originally posted by some_idiot

He he he ... I would have to wonder about their skills.
Look at the date on your given link. (at the top in yellow)
They still haven't fixed their Y2K bugs.

True. The guy who writes all the software (Chris) is a pretty busy guy. I don't even think he actively promotes this site anymore. I do however know that he is one of the smartest programmers I've ever dealt with.

HEARTBREAKER · 11-02-2003, 08:31 PM

to GFY Pauper!!!

11-02-2003, 12:23 PM	#1
Pauper Registered User Join Date: Nov 2003 Posts: 3	Freeloaders! I'm new to the board, but not to the biz. I got a chargeback from a member subscription. When I checked the logs, I found that the user/pass was being used from multiple domains and IPs so I began digging. I found a listing on a bulletin board where the user/pass had been posted, along with several thousand others. After some more digging, I found a few other BBS systems where other (current) passwords were also listed. Basically it amounted to almost half the traffic on the site was coming from freeloaders. I've now started recoding part of the site to alert me when members login from more than a reasonable number of IPs or domains, or if I get logins to an account from countries other than the country where the membership is registered. How do you guys deal with this problem? Is there a simpler way? I realise that slipping out free passes now and then can only be good advertising, but a lot of the people using these BBSs will never convert. Oh, one last question: Can anyone recommend a good target site for popup hell that I can redirect these freeloaders to? Preferrably one that has NO exit loop!!! Your thoughts appreciated.

11-02-2003, 12:32 PM	#5
Cassie Confirmed User Join Date: Mar 2003 Location: NJ Posts: 3,139	i can put you in touch with a collection agency that may be able to helpif it ends up as a chargeback (refund); you have to have your own merchant account however. you would have to talk to the guy and explain your situation but the great thing about this company is that you can put "unpaid" funds (loss of debt) for the person in question against his credit report cause they deal with experian (and when a credit request is made, the 3 important companies are experian, trans union and equifax). they also deal with customers who are international. they leave no country untouched. see what we have to resort to because of scum customers?!!?! if you want this company's info, icq me. that goes for anyone else as well. btw i believe they can go back as far as 7 years. i know for some who have lost a merchant account, it doesnt do much but the pure satisfaction that this will end up on a persons credit report which could prevent them from say, ever buying a house, seems justified. __________________ ICQ: 309756847 ]

11-02-2003, 02:44 PM	#11
pantymaniac Confirmed User Join Date: Feb 2003 Location: In Your GF's Panty. Posts: 1,192	welcome to 1950 !! dude .. this problem is not new you could not come anywhere posting passboards here make your site unbrute forcable at all and use pennywize style something... __________________ This place is for RENT

11-02-2003, 08:31 PM	#15
HEARTBREAKER Confirmed User Join Date: Jun 2003 Posts: 2,984	to GFY Pauper!!! __________________ An Adult IT Staffing Solutions Company email: [email protected] icq: 418366319 Tel.#: 1-702-940-0789 (U.S. Toll Free)

11-02-2003, 12:24 PM	#2
Juicy D. Links So Fucking Banned Industry Role: Join Date: Apr 2001 Location: N.Y. -Long Island -- Posts: 122,992	Why dont you use something like Pennywize?

11-02-2003, 12:29 PM	#3
ChumpChange Confirmed User Join Date: Oct 2003 Posts: 329	Next time post url's,please

11-02-2003, 12:30 PM	#4
MetaMan I AM WEB 2.0 Industry Role: Join Date: Jan 2003 Posts: 28,682	one simpler solution would b using mixture of numbers and words that dont equal one. like Q2dd3fc some shit like that, remember they are brute forcing u most of the time, and the way one works is it uses huge txt files full of word + mixed words + tons of combination between letters and numbers. a complex pass is harder to crack. and the ones that arent brute forcing are cc frauding your site. and most cc fraud probly comes from a country like russia or china, redirect those people off your site using a geo target script. that should solve some problems without in need of a major expensive script.

11-02-2003, 12:34 PM	#6
triumph Confirmed User Industry Role: Join Date: Dec 2002 Location: Los Angeles Posts: 3,433	Just to let you know you are new to the biz also from your thread.

11-02-2003, 01:40 PM	#7
Pauper Registered User Join Date: Nov 2003 Posts: 3	Thanks guys. The URL of the first one I found is http://austin.axg.net - take a look at the "Chickz" forum I'll post the others up when I get chance, I have other fish to fry at the moment. Thanks for the info on pennywize, but they don't do much more than I can do myself in PHP/MySQL, and without the overhead of a monthly payment to them. A few machine cycles on a high bandwidth server isn't a big deal, especially when it has access to the info already from the current logon and doesn't need to do much in the way of reverse lookups. Metaman: Good idea, unfortunately the user/pass setup is all done by Verotel. I'm changing the scripting from that point of view so that users can change the pass when they need to which will allow me to enforce more secure passwords. I did a lot of digging into the chargeback - the account was used from a kinkos (twice) and then started hitting the lists so I'm guessing that the card number was probably stolen, although it was probably a family member since they had to get at the security number on the card. I'm not going to chase that one too hard, but I am still digging through the lists to find out where auston.agx.net got it from since it was being hit before it was posted there. Triumph: All depends on your point of view now, doesn't it?

11-02-2003, 02:00 PM	#9
fsfaz Confirmed User Join Date: Apr 2003 Location: Hollyweird, CA Posts: 747	Get a copy of Iprotect. It compiles into Apache and solves all your password troubles. http://www.digital-concepts.net/cgi-iprotect.html

11-02-2003, 02:39 PM	#10
Pauper Registered User Join Date: Nov 2003 Posts: 3	Another freepass forum for you: http://invisionfree.com/forums/XxXisrapass_forum

11-02-2003, 05:26 PM	#13
tantalising Registered User Join Date: Sep 2003 Location: Amsterdam The Netherlands Posts: 47	Check http://www.pennywize.com it is not that expensive and you can redirect the naughty hackers to any url you want.