Protecting Your Paysite

[pr0]

This post is inspired by an earlier post labled "Where can i get free passwords?".

I've been in the underground, i've seen how these little shits gain access to about 90% or more of your paysites. Chances are if you own a paysite, these guys have hit you atleast once.

What can you do to stop these guys?

- Learn from them!

Talk to them, act like your a fellow hacker & infiltrate their little hideouts.

Learn how to use their programs, learn how they get their exploits.....

Just take a little surf on over to www.deny.de , i happen to know the guy who runs that site "Friend of a Friend". So no one go harrassing this guy, he's just providing research material. If you wanna stop these assholes, the best way is to learn from them, then make sure your not vunerable to their attacks.


For more info or consulting...you can always icq me at #119040611




------------------

• CelebrityDialers.com - 45-cents (webmasters) to 90-cents (resellers)
• Sometimes when i'm watching a sunrise..i think damn...That'd be a phat java applet!

[DragonAss]

Amen

"Be the ball"

[ldinternet]

pennywize.com

What more can we say?

[richard123]

From the site mentioned by pr0 (and I quote):

"speaking of pennywize, i just cracked my first pennywize site
infact i found over 30 logins for it LOL"

Depressing, huh? LOL

I guess no script is fool (i.e. hack) proof. It'd be nice if there was an easy solution (other than monitoring the thousands of passwd hack boards)

[pr0]

haha...if you guys would actually go on Dalnet to #hackedxxxpasswords you would very quickly see exactly how depressing our anti-hack/crack methods are.

Here's one tip though...

"SPIT FAKES" most site's that spit fakes...they will stop the attack =)

------------------

• CelebrityDialers.com - 45-cents (webmasters) to 90-cents (resellers)
• Sometimes when i'm watching a sunrise..i think damn...That'd be a phat java applet!

[Incognito]

Quote:

Originally posted by pr0:
This post is inspired by an earlier post labled "Where can i get free passwords?".

I've been in the underground, i've seen how these little shits gain access to about 90% or more of your paysites. Chances are if you own a paysite, these guys have hit you atleast once.

What can you do to stop these guys?

- Learn from them!

Talk to them, act like your a fellow hacker & infiltrate their little hideouts.

Learn how to use their programs, learn how they get their exploits.....

Just take a little surf on over to www.deny.de , i happen to know the guy who runs that site "Friend of a Friend". So no one go harrassing this guy, he's just providing research material. If you wanna stop these assholes, the best way is to learn from them, then make sure your not vunerable to their attacks.


For more info or consulting...you can always icq me at #119040611

damn Donny Brasko...


How does a good billing together with a double login block script and an admin with his hands out of his ass sound?

My guess - much better...

[pr0]

Double login protection doesn't block shit. Most of the crackers are smart enough to use combo lists

I.E.

Damion4 ass22
Amber2:Amber


So they never ever hit the same login twice..& they give the pass to only 1 person at a time, so the double (real-time access) login feature doesnt mean shiznit either.


word!?!

P.S. im not donny brasco, i happen to be friends with some of the guys..& they know what i do for a living..we just live & let live so to speak =)


-pr0-



------------------

• CelebrityDialers.com - 45-cents (webmasters) to 90-cents (resellers)
• Sometimes when i'm watching a sunrise..i think damn...That'd be a phat java applet!

[pr0]

Oh yea..hehe

Its Brasco

[Incognito]

Hm..man...

It's really pretty simple.
If they distribute 1 username to many many surfers - than Your script against double login will block it.

If they get MANY usernames than either You got a hole in Your server the size of Your head or they used MANY stolen credit cards, which is a serious crime and will be dealt with even in Russia.

That's all.

[richard123]

In the end, though, what percentage of webmasters/admins/whatever even check logs and stuff? There's gotta be many many thousands of sites that are wide open.

So if they have trouble breakling into your site, they'll just hack into Joe Blow's site and get pretty much the same stuff anyways.

pr0 - you seem like an enterprising guy with some good connections. You should be able to work out how to prevent the vast majority of the hacks. Maybe you should set up a business based on it

Could you make money on it if you charged webmasters per prevented attack rather than a set monthly? Or maybe a combination?

[DamageX]

Quote:

Originally posted by Incognito:
If they get MANY usernames than either You got a hole in Your server the size of Your head or they used MANY stolen credit cards, which is a serious crime and will be dealt with even in Russia.

Tovarishtchi, I wouldn't bet on that. :> I've seen how they passed a law banning carding and everything in Romania and I've seen carders get away with it. Some still operate, in fact, quite a number. Corruption will prevent the law from being
implemented, IF they get caught. Chances are, if you've made a small fortune off of carding&hacking, as I've seen some make, you'll get away with it. 95% without even going to trial. Law-enforcement officers are just as corrupt as the politicians and judges, so if you stumble upon some guy who won't be bought, just step up a level. It's how it works and that's why we probably won't see an end to fraud originating from the former Sovjet block. Thank God I ain't operating a paysite.


------------------
Respect,
DamageX

[Incognito]

oh yeah...I heard they even sell drugs those politicians and prostitutes...
And all russian policemen are fucking MOB friends..

Sure.
Read a couple of books more and a few movies and You'll be fucking sure in that.

However it's a complete bullshit.
Dont know how it's in Romania.
In Russia they do really find and prosecute carders.

[pr0]

"It's really pretty simple.
If they distribute 1 username to many many surfers - than Your script against double login will block it."

Nothings simple in a constantly evolving internet. The way they distribute the passes is to only allow 1 user. They've got their game down as tight as you've got yours.

& yea i'd love to eventually set up a service providing webmasters/site owners security =) But first i'd like to learn alot more!

------------------

• CelebrityDialers.com - 45-cents (webmasters) to 90-cents (resellers)
• Why yes, that is a roll of quarters in my pants!

[Incognito]

Sorry my mistake.
Damn commies in my country cant ma tach enleise goodie nought not.

Cause bro we definetely got what da commie lingua sociale securitat name "languadge barrier"...


Man?
1. 1 login for many surfers = blocked instantly by script.
2. MANY logins for MANY surfers = kill Your admin or = CARDERS = submit to law enforcement.

Seems pretty easy for me.

[pr0]

You are the only one on this board that thinks its easy to stop crackers/carders. Maybe that should tell ya sumthin Incognito?

=)



------------------

• CelebrityDialers.com - 45-cents (webmasters) to 90-cents (resellers)
• Why yes, that is a roll of quarters in my pants!

[Incognito]

yeah...
You right.

That told me a lot.

[Username Already Taken]

Simple soultion:

Random passwords. Get a script that does a random password made out of small letters, caps and numbers. 12 digits. Let's see them match that =)

[Incognito]

Quote:

Originally posted by Username Already Taken:
Simple soultion:

Random passwords. Get a script that does a random password made out of small letters, caps and numbers. 12 digits. Let's see them match that =)

Got at least two better ones!
1. Dont give valid passes at all! Why should You? Thus no cancellations (imagine that! 90% of rebills) and no password share! Heh? No passwords - NO PROBLEMS!

2. Hire Pr0! The guy's gonna infiltrate! Just dont stop him at password sharers only! I'd suggest serious thinking about using his abilities in other fields too. Make the guy be Your IRS man! Let the guy be the man in FTC...Make him a BBBs agent for money's sake and Your local FBI dude...


P.S. Pr0 , do You know russian? In case You dont - I'll send over a text book, cause man I can help. I can help You all the real way...to infiltrate to THE TOP SECRET RUSSIAN WEBMASTERS COMMUNITY...No shit man...You'll even get a code name (Ivan Petrov) and a full time fully protected legend...Gonna play the role of russian bear trainer...heard they love that kind of things...

P.P.S. Gonna send over some japaneese books too. Cant make FULL INFILTRATIONS without that for sure. You'll be my man in Tokyo too...

[pet]

.

[This message has been edited by pet (edited 06-28-2001).]

[pr0]

haha...your a trip icognito & yes i do know russian , does this board support russian?

Japanese i don't know

I like the idea of not giving out passes at all...=)

And screw all the above organizations you spoke of...i dont care for any of them

------------------

• CelebrityDialers.com - 45-cents (webmasters) to 90-cents (resellers)
• ICQ# 119040611
• [email protected]
• Why yes, that is a roll of quarters in my pants!

[eAlex]

Mr.Krushchev said we will bury you...

[Incognito]

yeah ....but dont mind it really...the guy was simply to angry when he said it...
Probably Maxchash check bounced again...

[xxxjay]

I have been eaten http://www.stormfront.org/forum/