Welcome to the GoFuckYourself.com - Adult Webmaster Forum forums.

03-21-2004, 10:01 PM   #1
debbieN
Confirmed User
Join Date: Jan 2003
Location: FL, NC(I burned this down), MI
Posts: 1,193
Why do Password sites not get shut down?

I have found another source of why my bandwidth is so high.

Password sites.

I finally got Webalizer reinstalled and found 15K hits so far today.

I am new at SSH.

How do I get rid of certain passwords and usernames?

__________________
don't rent the top room at the Luxor
______________________


Debbie Nomad's Evil Hobby
03-21-2004, 10:06 PM   #2
crescentx
Confirmed User
 
Join Date: Jun 2003
Posts: 317
First off, you need at least a basic program to block this stuff.

Pennywize (pennywize.com) is a good starting point, free if you do everything manually, but otherwise I'd say ProxyPass (proxypass.com).

Either one will disable password sharing based upon how many different computers you believe should have access to your members' area.

It's rudimentary, and there's more you should do, but it's a crucial first start.

As far as getting them shut down - good luck. Even getting copyright violators shut down is tough, like jack in the boxes they magically reappear somewhere else a few months later.

Hit me up if you have questions, ICQ 92621328

-doug
__________________
XYCash International Gay Affiliate Program
03-21-2004, 10:09 PM   #3
debbieN
Confirmed User
Join Date: Jan 2003
Location: FL, NC(I burned this down), MI
Posts: 1,193
Wow,

as usual you guys really help me keep from going under.

I am trying to use Putty to get access to SSH but I do not know any of the language to navigate.

I will try the above information and try to learn it so I don't have to keep paying $65 per incident.

thanks again.

GFY is great.

__________________
don't rent the top room at the Luxor
______________________


Debbie Nomad's Evil Hobby
03-21-2004, 10:16 PM   #4
mryellow
Confirmed User
Join Date: May 2001
Location: Australia
Posts: 934
You could pay pennywize every month....

or

You could buy the 10 lines of code it takes to stop them from Perlcoders.

-Ben
__________________
Cyberwurx Hosting
After trying 5 different hosts, I found the best.
Since 1997 I've had 2 hours of downtime.
Fast support, great techs, no hype, no gimmicks.

<- I in no way endorse whatever just got stuck on the left of my post.
03-21-2004, 10:27 PM   #5
debbieN
Confirmed User
Join Date: Jan 2003
Location: FL, NC(I burned this down), MI
Posts: 1,193
thanks

I will just learn SSH and understand how to remove the usernames and password myself

It is about time I learned this.

I want to be a real webmistress with a bite.

__________________
don't rent the top room at the Luxor
______________________


Debbie Nomad's Evil Hobby
03-21-2004, 10:51 PM   #6
crescentx
Confirmed User
 
Join Date: Jun 2003
Posts: 317
putty is the way to go for sure. But be careful what you monkey with if you're new. Always available if you have a q-

ICQ 92621328

Removing username/password from passwd files via command line does nothing, by the way, since most if not all processors refresh the htpasswd file daily, and if you're not careful you could screw up permissions for new users signing up and their access might not be entered.

-doug
__________________
XYCash International Gay Affiliate Program
03-21-2004, 10:56 PM   #7
Paul Markham
Too old to care
Join Date: Jun 2001
Location: On the sofa, watching TV or doing my jigsaws.
Posts: 52,943
Can you get a login/password system to recognise an IP address?

so you know who is logging in and where from.
03-21-2004, 10:57 PM   #8
Mr. Marks
Confirmed User
 
Join Date: Jun 2001
Location: Wherever I want
Posts: 7,517
Cuz the bigger ones are FAKE heheehheeh
03-21-2004, 11:09 PM   #9
crescentx
Confirmed User
 
Join Date: Jun 2003
Posts: 317
Quote:
Originally posted by charly
Can you get a login/password system to recognise an IP address?

so you know who is logging in and where from.
This doesn't work thanks to large ISPs such as AOL. If you check your logs you'll see an alarming number of logins coming from certain IPs - most of them are the mega-ISPs. Block an AOL proxy, you've just killed all of your AOL users at random - some get in, some don't, based on their proxy (which they have no choice on). Same applies to user-chosen proxies.

There is a range - say, 25 IPs - that you can say, OK, this is beyond AOL level usage. Pennywize lets you do that - ProxyPass is more sophisticated and drops AOL from its calculations. This can backfire because some of these abusers recognize this fact and can mask their IPs successfully.

More serious than simple password sharing, which just amps your bandwidth, is a proxy attack. For obvious reasons, I won't detail exactly what this is, but it relies on using authenticated requests and cancelled requests. It's happened to us on more than one occasion.

Your server load goes through the roof - to the point where SSH and web dies pretty much - bandwidth is stable, nothing in any error log, no idea of where it's coming from. Server dies.

Apache has some shitty code in it. ProxyPass is designed to block this sort of attack and has done so with decent success for us. This DoS is amazingly effective and damned difficult to block without something like ProxyPass.

Password trading is small-time and easy to block, this other attack is brutal and ruthless.

-doug
__________________
XYCash International Gay Affiliate Program
03-21-2004, 11:23 PM   #10
RK
Confirmed User
 
Join Date: Aug 2001
Location: In a Bunker
Posts: 868
Quote:
Originally posted by debbieN
I will try the above information and try to learn it so I don't have to keep paying $65 per incident.
$65 per incident? Where are you hosted?
We do these things (and way more complicated things) for free for clients.
__________________
Does anyone look down here?
03-21-2004, 11:26 PM   #11
RK
Confirmed User
 
Join Date: Aug 2001
Location: In a Bunker
Posts: 868
Quote:
Originally posted by crescentx
Your server load goes through the roof - to the point where SSH and web dies pretty much - bandwidth is stable, nothing in any error log, no idea of where it's coming from. Server dies.
I would have to disagree. There is clear evidence in the error and log and it's easy to figure out where it is coming from. Furthermore, the server does not die. This of course assumes a properly configured server with a competent admin.
__________________
Does anyone look down here?
03-21-2004, 11:37 PM   #12
malakajoe
Confirmed User
 
Join Date: Feb 2003
Location: Sacramento
Posts: 1,751
Quote:
Originally posted by debbieN
thanks

I will just learn SSH and understand how to remove the usernames and password myself

It is about time I learned this.

I want to be a real webmistress with a bite.

Learn how to control your .htpassword file AND get a security software package.

They will look at how many logins a certain id is using. If over your threshold (you set it), they will lock the account until you look at it. Other things it does, but that is the basics.

Now, as someone stated, AOL gives different IP addresses every time someone logs in. So if you set your threshold at no more than 4 or 5 IPs in a 24 hour period, you should be fine.

But you definitely need something on top of you just deleting users. You won't always catch everything.
__________________
Selfpleasure.com for sale on auction. Closes on Tuesday March 11th at 9pm PST!!!!

Dirty enough to be good, but clean enough for everyone!
------------------------------------------------------------------

Moral Police - First graduating class coming soon! - Forcing our values across the internet
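
The per-account check discussed in this thread (flag a username seen from more than about 5 IPs in a 24 hour period, with large-ISP proxy ranges handled specially), as an added example that is not from any poster and is not Pennywize or ProxyPass code. It assumes Apache common log format with the authenticated user in the third field; the function names, the sample lines, the documentation-range IPs, and the choice to count a whole shared-proxy range as one source are assumptions of this example.

```python
import re
from collections import Counter, defaultdict, deque
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

# Apache common log format: host ident authuser [time] "request" status size
LOG_RE = re.compile(r'^(\S+) \S+ (\S+) \[([^\]]+)\] "[^"]*" (\d{3}) ')

def shared_accounts(lines, threshold=5, window=timedelta(hours=24), shared_proxies=()):
    """Return {user: peak distinct sources in any window} for users above threshold."""
    nets = [ip_network(n) for n in shared_proxies]
    events = defaultdict(list)
    for line in lines:
        m = LOG_RE.match(line)
        if not m or m.group(2) == "-" or int(m.group(4)) >= 400:
            continue  # unparsable, anonymous, or failed (e.g. 401) request
        ip, user, ts, _ = m.groups()
        when = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
        # Assumption of this example: a whole shared-proxy range counts as one source.
        src = next((str(n) for n in nets if ip_address(ip) in n), ip)
        events[user].append((when, src))
    flagged = {}
    for user, evs in events.items():
        recent, counts, peak = deque(), Counter(), 0
        for when, src in sorted(evs):
            recent.append((when, src))
            counts[src] += 1
            while recent[0][0] <= when - window:  # expire events outside the window
                old = recent.popleft()[1]
                counts[old] -= 1
                if counts[old] == 0:
                    del counts[old]
            peak = max(peak, len(counts))
        if peak > threshold:
            flagged[user] = peak
    return flagged

def sample_line(ip, user, day, hour, status=200):
    return (f'{ip} - {user} [{day:02d}/Mar/2004:{hour:02d}:00:00 -0500] '
            f'"GET /members/ HTTP/1.0" {status} 512')

# Constructed sample lines (not real traffic); all IPs are documentation ranges.
SAMPLE = (
    [sample_line(f"192.0.2.{i}", "bob", 21, 10 + i) for i in range(1, 8)]       # 7 sources in 7 hours
    + [sample_line(f"198.51.100.{i}", "carol", 21, 12) for i in range(1, 9)]    # one rotating proxy pool
    + [sample_line(f"203.0.113.{i}", "dave", 17 + i, 9) for i in range(1, 7)]   # one new source per day
    + [sample_line("203.0.113.50", "erin", 21, 9, status=401)]                  # failed login only
)
print(shared_accounts(SAMPLE), shared_accounts(SAMPLE, shared_proxies=["198.51.100.0/24"]))
```

Without the proxy list both `bob` and `carol` are flagged; once the proxy range is declared, only `bob` remains, which is the false-positive problem with mega-ISP proxies that the posts above describe.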