password forums. if you run a pay site. read this

[fris]

http://www.protectadult.com/forumsecurity.php

we have released the monster list.

and a bit of an update just to keep you updated

[Juggernaut]

Adding these URL's to a blocklist, doesn't prevent people from copy and pasting the hacked URL directly into their browser.

You've just given free porn to all the surfers on GFY, by the way.

[nmcog]

Just force all passwords to be randomly generated and let members pick their own username.

[fris]

Quote:

Originally Posted by nmcog

Just force all passwords to be randomly generated and let members pick their own username.

useless

still crackable

[SomeCreep]

Quote:

Originally Posted by fris

http://www.protectadult.com/forumsecurity.php

we have released the monster list.

and a bit of an update just to keep you updated

Uhm, use common sense. Dont post that list on this board.

Edit: Surfers will bookmark those urls.

[Trax]

useless...

[goldman]

CTRL-D....

hmmm.................................
http://pass.nejcpass.com/
this ones the best from what i can remember.........

there r a further 1000 password sites out there

[BIGTYMER]

The sufers here are going to love those forums...

[Triple 6]

why the fuck is it so hard for these paysites to monitor IP's and grant access to no more then 2 uniques per day on each account? its fucking easy. wake up.

[nmcog]

Quote:

Originally Posted by fris

useless

still crackable

I've lurked for a while on IRC password trading channels (from efnet to thundercity), everytime some paysites get requested, everyone says that one is impossible because they autogenerate the password.

I've also talked with some of the ops who've been doing it since 1999 and they say the only way is to actually crack the server and not bruteforce which turns into a whole different game.

[fris]

Quote:

Originally Posted by nmcog

I've lurked for a while on IRC password trading channels (from efnet to thundercity), everytime some paysites get requested, everyone says that one is impossible because they autogenerate the password.

I've also talked with some of the ops who've been doing it since 1999 and they say the only way is to actually crack the server and not bruteforce which turns into a whole different game.

its actually all bruteforced.

htacess is really easy to crack.

have a good dictionary list. and big proxy list. run it through over 2 million times and you will crack it. some sites are being smart and doing form logins. which are the smart way to go. thats why people use proxy's to crack. because of course if they see more than 2 ips from the same host they will ban.

we shut down password trading channels on dalnet last december. that was where most of the trading was done.

[MandyBlake]

that's why we have password protection software.

[MGibson]

Actually make a fake part of your site, put it on a password forum. Fill the fake part with upsells. Money does come in...

[jMP]

Quote:

Originally Posted by fris

http://www.protectadult.com/forumsecurity.php

we have released the monster list.

and a bit of an update just to keep you updated

Thanks for the laugh
Now go find the other 5 million sites and their mirrors


Your security team beat pennywise? OMG! How lame are these guys if that?s their claim to password security fame.

[VeriSexy]

Quote:

Originally Posted by fris

http://www.protectadult.com/forumsecurity.php

we have released the monster list.

and a bit of an update just to keep you updated

Good job

[Jake]

Quote:

Originally Posted by Triple 6

why the fuck is it so hard for these paysites to monitor IP's and grant access to no more then 2 uniques per day on each account? its fucking easy. wake up.

Yes and then you'll spend the entire day unblocking pissed off AOL users. Or worse, they'll just cancel or chargeback their membership because they can't get access to the site.

[jMP]

Quote:

Originally Posted by fris

its actually all bruteforced.


"have a good dictionary list"

.

.
And where do you think the good wordlists come from?
If you?re going to handout security advice you might want to actually understand the game first.

I can?t believe I doubled my post count in one night

[Cassie]

Quote:

Originally Posted by jMP

.

I can?t believe I doubled my post count in one night

[kyree666]

Quote:

Originally Posted by jMP

.
And where do you think the good wordlists come from?
If you?re going to handout security advice you might want to actually understand the game first.

I can?t believe I doubled my post count in one night

lol been saying that for years...do I know you/of you jMP I believe I do

screw dealing with dictionary files...people are creatures of habit...get one passfile, you're into many other sites...

for people running pay sites your best bet is to make it as diffecult as possible, make it more trouble than it's worth...form login with visual your best bet....but even that's not uncrackable...lemme rephrase that...your best bet...learn wtf you are doing, quit leaving it up to your hosts to protect you...quit being so god damn lazy, quit worrying about making that quick buck...learn about server configurations,quit being button pushers, START caring about your memebrs and offer them some security...learn how to crack, and you will learn how to protect
there are many sites that crackers will not even bother touching...why ? because the owners went to the trouble of finding out how people are getting in, instead of sitting around crying about it happening...do you really think shutting down an irc channel, or a website is gonna keep people out? get a clue....this si the same old tired shit it hasa been for years...you find a way to keep crackers out...we build a better mousetrap....but look at the brite side....handing out passwords tends to weed out the competition, and break the asshats that run shitty sites


moral of this rant......get off your lazy fucking asses and learn wtf you're doing before you call yourself a pr0n webmaster

kyree

[High_Times]

This thread will show you how to make it difficult as possible:
http://www.gofuckyourself.com/showthread.php?t=459989

[Johny Traffic]

Quote:

Originally Posted by Triple 6

why the fuck is it so hard for these paysites to monitor IP's and grant access to no more then 2 uniques per day on each account? its fucking easy. wake up.

What about ISP's that dont give the user a fixed IP?

[Mutt]

Quote:

Originally Posted by kyree666

lol been saying that for years...do I know you/of you jMP I believe I do

screw dealing with dictionary files...people are creatures of habit...get one passfile, you're into many other sites...

for people running pay sites your best bet is to make it as diffecult as possible, make it more trouble than it's worth...form login with visual your best bet....but even that's not uncrackable...lemme rephrase that...your best bet...learn wtf you are doing, quit leaving it up to your hosts to protect you...quit being so god damn lazy, quit worrying about making that quick buck...learn about server configurations,quit being button pushers, START caring about your memebrs and offer them some security...learn how to crack, and you will learn how to protect
there are many sites that crackers will not even bother touching...why ? because the owners went to the trouble of finding out how people are getting in, instead of sitting around crying about it happening...do you really think shutting down an irc channel, or a website is gonna keep people out? get a clue....this si the same old tired shit it hasa been for years...you find a way to keep crackers out...we build a better mousetrap....but look at the brite side....handing out passwords tends to weed out the competition, and break the asshats that run shitty sites


moral of this rant......get off your lazy fucking asses and learn wtf you're doing before you call yourself a pr0n webmaster

kyree

why do you surfers hang out here? seems like there is a growing group of pr0n webmasters groupies. surfers who are fascinated by the behind the scenes machinery of the web porn machine.

[fris]

bringing up old threads

nice

glad i took that list down.

i still wanna do a security aduit on paysites running proxypass, strongbox, and writeup a review. on the products.