Password traders/brute force... - GoFuckYourself.com

Fatbrain · 01-04-2004, 06:57 PM

I'm looking for scripts that combat those, I've heard of Pennywise, just before I choose I would like some feedback on what you use and why =)

Hardcore J · 01-04-2004, 06:59 PM

Pennywize is what I use.

I'd caution you though, if you plan to use members.sitename.com pennywize will not be 100% effective..

Fatbrain · 01-04-2004, 07:01 PM

Nope, at the moment it's just http://www.site.com/members_randomstring/ =)

Fatbrain · 01-04-2004, 07:03 PM

Quote:

Originally posted by Hardcore J
Pennywize is what I use.

I'd caution you though, if you plan to use members.sitename.com pennywize will not be 100% effective..

Do you use the free version or the pay?

Fatbrain · 01-04-2004, 07:09 PM

Quote:

Originally posted by Mystery Man
http://www.monster-submit.com/sentry/
I'd choose Password Sentry any day over Pennywise.

Sentry fucking rocks

Why is that? =)

RFlagg · 01-04-2004, 07:15 PM

coupla lines of code should do the trick...

I code (ASP & VBScript) all of the anti-fraud, maybe I'm paranoid.

I'm sure you could do something in PHP or PERL if yer not a windows fan.

If you don't code, I'm sure someone on GFY will be happy to offer their respective services.

Fatbrain · 01-04-2004, 07:18 PM

Yes, I'm looking for a premade script...Pennywise is looking nice as it also offers member usage stats as well.

Kinda curious on this password centry tho, a one time fee as opposed to a montly would be nice =)

doober · 01-04-2004, 07:22 PM

pennywize works, go ahead and signup and dont think about it anymore...set your subnets to 10 and you should be all set.

Fatbrain · 01-04-2004, 07:46 PM

I've signed up, just trying to decide if it is worth it to upgrade to the paid membership now =)

Fatbrain · 01-04-2004, 07:50 PM

Quote:

Originally posted by Mystery Man

Because it is cheaper and it works better. Simple as that

LOL, exactly how does it work better than pennywize?

The free version of pennywize seems to do pretty much the same thing sentry does...

Kevin2 · 01-04-2004, 07:57 PM

We use StrongBox on all our pay sites and it rocks

send an email to Ray if you want to know more about it [email protected]

BV · 01-04-2004, 08:03 PM

If you want the best use: http://www.proxypass.com/

TheSaint · 01-04-2004, 08:38 PM

Those passwords thingies scare me; always hearing about cases where they fucked innocent surfers.

Besides, if you think about how they work, they don't, really. If a hacker launches a brute force from 2,000 proxies (I get these all the time) letting it fail on the apache username doesn't eat up a whole lot more cpu than Pennywise or whatever.

Me, I never worry about it. I average about a million break in attempts a day it seems but it doesn't seem to cause any problems, and with those impossible to guess CCBill passwords there isn't a chance in hell of getting in.

Anybody running a brute force attack these days is a stupid moron, not tooo many sites let you choose your own password anymore.

Danielle · 01-04-2004, 10:07 PM

Also take a close look at Stop That Hacker http://www.stopthathacker.com

It's been around a long time and works great!

Most high speed proxie attacks use the faster HEAD request and Stop That Hacker stops 100% of all HEAD requests before Apache even reads the htpasswd file.

Hugs,
Danielle

spooky181 · 01-05-2004, 12:29 AM

My site used to get hacked a lot, but not since I started using Pennywize..

Bansheelinks · 01-05-2004, 12:58 AM

Only one solution......

Fatbrain · 01-05-2004, 06:19 AM

Phooey...I can't modify my httpd.conf file for pennywise...Someone suggested that .htaccess could probably handle what they need done.

Anyone heard of this?

jMP2 · 01-05-2004, 06:41 AM

Password sentry works well for suspending abused passwords
And only has one time license fee.
Been using it on our sites for 18 months and it's never let us down.

Random passwords are a must, but don't help you when your billing company gets hacked and all your un-encrypted passwords get out. Yes it happens don't be so naive!

None of these programs are 100 percent going to solve all your probs, but can save mega bucks in bandwidth.

Pennywise is a waste of money in my opinion.
Also tried RCP but to many probs banning normal member activity.

Password sentry rocks
and first class support from Dan.

jMP2 · 01-05-2004, 06:58 AM

Quote:

Originally posted by Fatbrain

LOL, exactly how does it work better than pennywize?

The free version of pennywize seems to do pretty much the same thing sentry does...

Sentry runs completely on your own server and has an easy to use admin interface.
You are also able to manage your htaccess and password file directly from the sentry admin. The admin gives you plenty of information on what ip?s are accessing with each user:pass, referring urls and a built in feature to resolve ip's so you can quickly make a decision if the password is abused or a member is on an non-static ip ?dialup false alarm? you can also set passwords to be exempt from suspension if required.
Also has an email feature to send alerts directly to your mailbox.
Worth every cent.

01-04-2004, 06:57 PM	#1
Fatbrain Confirmed User Join Date: Oct 2002 Location: Mars Posts: 218	Password traders/brute force... I'm looking for scripts that combat those, I've heard of Pennywise, just before I choose I would like some feedback on what you use and why =)

01-04-2004, 07:57 PM	#11
Kevin2 Confirmed User Join Date: May 2003 Location: Australia Posts: 1,429	We use StrongBox on all our pay sites and it rocks send an email to Ray if you want to know more about it [email protected] __________________ Webmasters Trade Traffic!!!

01-04-2004, 08:38 PM	#13
TheSaint Confirmed User Join Date: Jun 2003 Location: Everywhere at once Posts: 991	Those passwords thingies scare me; always hearing about cases where they fucked innocent surfers. Besides, if you think about how they work, they don't, really. If a hacker launches a brute force from 2,000 proxies (I get these all the time) letting it fail on the apache username doesn't eat up a whole lot more cpu than Pennywise or whatever. Me, I never worry about it. I average about a million break in attempts a day it seems but it doesn't seem to cause any problems, and with those impossible to guess CCBill passwords there isn't a chance in hell of getting in. Anybody running a brute force attack these days is a stupid moron, not tooo many sites let you choose your own password anymore. __________________ I have no signature

01-04-2004, 06:59 PM	#2
Hardcore J Hardcore 4 Life™ Join Date: Mar 2003 Location: Everett, WA Posts: 2,553	Pennywize is what I use. I'd caution you though, if you plan to use members.sitename.com pennywize will not be 100% effective..

01-04-2004, 07:01 PM	#3
Fatbrain Confirmed User Join Date: Oct 2002 Location: Mars Posts: 218	Nope, at the moment it's just http://www.site.com/members_randomstring/ =)

01-04-2004, 07:15 PM	#6
RFlagg Confirmed User Join Date: Oct 2003 Location: Apollo Beach, FL Posts: 128	coupla lines of code should do the trick... I code (ASP & VBScript) all of the anti-fraud, maybe I'm paranoid. I'm sure you could do something in PHP or PERL if yer not a windows fan. If you don't code, I'm sure someone on GFY will be happy to offer their respective services.

01-04-2004, 07:18 PM	#7
Fatbrain Confirmed User Join Date: Oct 2002 Location: Mars Posts: 218	Yes, I'm looking for a premade script...Pennywise is looking nice as it also offers member usage stats as well. Kinda curious on this password centry tho, a one time fee as opposed to a montly would be nice =)

01-04-2004, 07:22 PM	#8
doober Confirmed User Join Date: Jul 2003 Location: in yoOoo kitchen Posts: 6,984	pennywize works, go ahead and signup and dont think about it anymore...set your subnets to 10 and you should be all set.

01-04-2004, 07:46 PM	#9
Fatbrain Confirmed User Join Date: Oct 2002 Location: Mars Posts: 218	I've signed up, just trying to decide if it is worth it to upgrade to the paid membership now =)

01-04-2004, 08:03 PM	#12
BV wtf Industry Role: Join Date: Sep 2001 Location: Bikini State, FL USA Posts: 10,914	If you want the best use: http://www.proxypass.com/

01-04-2004, 10:07 PM	#14
Danielle Confirmed User Join Date: Jun 2002 Location: My Coffin Posts: 1,227	Also take a close look at Stop That Hacker http://www.stopthathacker.com It's been around a long time and works great! Most high speed proxie attacks use the faster HEAD request and Stop That Hacker stops 100% of all HEAD requests before Apache even reads the htpasswd file. Hugs, Danielle

01-05-2004, 12:29 AM	#15
spooky181 Confirmed User Join Date: Jul 2003 Location: back of beyond Posts: 2,951	My site used to get hacked a lot, but not since I started using Pennywize..

01-05-2004, 12:58 AM	#16
Bansheelinks Confirmed User Join Date: Apr 2003 Posts: 6,023	Only one solution......

01-05-2004, 06:19 AM	#17
Fatbrain Confirmed User Join Date: Oct 2002 Location: Mars Posts: 218	Phooey...I can't modify my httpd.conf file for pennywise...Someone suggested that .htaccess could probably handle what they need done. Anyone heard of this?

01-05-2004, 06:41 AM	#18
jMP2 Registered User Join Date: Aug 2003 Posts: 48	Password sentry works well for suspending abused passwords And only has one time license fee. Been using it on our sites for 18 months and it's never let us down. Random passwords are a must, but don't help you when your billing company gets hacked and all your un-encrypted passwords get out. Yes it happens don't be so naive! None of these programs are 100 percent going to solve all your probs, but can save mega bucks in bandwidth. Pennywise is a waste of money in my opinion. Also tried RCP but to many probs banning normal member activity. Password sentry rocks and first class support from Dan.