|
|
|
|
||||
|
Welcome to the GoFuckYourself.com - Adult Webmaster Forum forums. You are currently viewing our boards as a guest which gives you limited access to view most discussions and access our other features. By joining our free community you will have access to post topics, communicate privately with other members (PM), respond to polls, upload content and access many other special features. Registration is fast, simple and absolutely free so please, join our community today! If you have any problems with the registration process or your account login, please contact us. |
 |
|
|||||||
| Discuss what's fucking going on, and which programs are best and worst. One-time "program" announcements from "established" webmasters are allowed. |
|
|
Thread Tools |
11-25-2003, 03:17 PM
|
#1 |
|
Confirmed User
Join Date: Aug 2003
Location: Dorset, UK
Posts: 638
|
Spoofing. Best way to stop it.
I seem to have a problem with spoofers, who get past my .htaccess like it isn't there.
Whats the best method to stop them accessing the members area? Serious answers please!  cheers |
|
|
|
11-26-2003, 01:31 AM
|
#2 |
|
Confirmed User
Join Date: Aug 2003
Location: Dorset, UK
Posts: 638
|
bump.
no one know how to stop spoofing? |
|
|
|
|
11-26-2003, 01:37 AM
|
#3 |
|
Too lazy to set a custom title
Join Date: Mar 2002
Location: Australia
Posts: 17,393
|
Is it for an AVS site? I don't think there is really any other generic way to protect your members area - the AVS would need to pass control to a script on your site with some sort of key that validates the surfer. Authenticating by referer is a nice and clean way to do it as it's all done with a few lines of .htaccess without needing scripts on your side, but as you can see it's virtually useless these days.
If you control the login page then you could move to a form+cookie based login, or stick with good old HTTP basic auth. |
|
|
|
|
11-26-2003, 01:38 AM
|
#4 |
|
Confirmed User
Join Date: Jan 2003
Location: Brisbane, Australia
Posts: 753
|
Look into cookies, something that checks that they have permission because they've already gone through your "gateway", if they dont, 403. Session management cookies might do it.
|
|
|
|
|
11-26-2003, 01:50 AM
|
#5 |
|
Confirmed User
Join Date: Aug 2003
Location: Dorset, UK
Posts: 638
|
basically its all my remaining members that signed up through ACPay. There are only about 150 members left that go through the acpayscript to enter my site.
If I added all these remaining ACPay members to my CCBill password file and removed the acpay from my htaccess file would that stop the problem? Of course I would have to remove the acpay members by hand as they cancelled, but if it stopped the problem its worth it. |
|
|
|
|
11-26-2003, 01:51 AM
|
#6 |
|
Registered User
Join Date: Oct 2003
Location: NYC
Posts: 326
|
 |
|
|
|
|
11-26-2003, 01:53 AM
|
#7 |
|
Too lazy to set a custom title
Join Date: Mar 2002
Location: Australia
Posts: 17,393
|
Did acpay use referer based authentication? Ouch, that's a HUGE hole for a 'real' paysite!! Yes, you'll probably save more bw in the long run by using proper authentication, even if your members get a week or two extra.
If ccbill allows you to 'deep link' products then email your acpay members a hidden URL that gives them a special rate for defecting from acpay to ccbill. |
|
|
|
|
11-26-2003, 01:57 AM
|
#8 | |
|
Confirmed User
Join Date: Aug 2003
Location: Dorset, UK
Posts: 638
|
Quote:
Looks like I will have to get them to change the auth so that the hole is filled in. I wondered why my servers were getting a bit slow over the last 24 hours. It was filled up with fucking hahahahaing gate crashers!   |
|
|
|
|
