SITE OWNERS (ccbill) attention!

Collapse
X
 
  • Time
  • Show
Clear All
new posts
  • gazool
    Confirmed User
    • Aug 2003
    • 779

    #1

    SITE OWNERS (ccbill) attention!

    Have you experienced "attacks" on your servers with 400+ password combinations... and the first or atleast one of the first attempts is going through?

    I'm talking about someone sitting on alot of correct passwords, who is just hitting sites to see if they are valid still...
    High Converting CCBILL Programs
    Amateur/CFNM -> http://www.boozedwomen.com/tour/
    Best Selling Granny Site -> http://www.excitedwives.com/tour/


    If I had a hammer....
  • Project-Shadow
    Confirmed User
    • Feb 2003
    • 7340

    #2
    If someone is hitting you and getting a tonne of correct hits i'd check your server logs.. someone might of found out where you keep your htpasswd and ccbill cgi's.

    Comment

    • SpaceAce
      Confirmed User
      • Jul 2002
      • 6493

      #3
      Originally posted by gazool
      Have you experienced "attacks" on your servers with 400+ password combinations... and the first or atleast one of the first attempts is going through?

      I'm talking about someone sitting on alot of correct passwords, who is just hitting sites to see if they are valid still...
      Are you saying that someone will brute your members area and out of 400 or so hits, at least one usually works? Is it always one of the first few?

      Sounds to me like someone just has a really good combo list. Many people (especially trial abusers, I think) use the same username and password combination everywhere so if you compromise a couple of CCBill sites OR if you just collect valid username/password combinations from password boards and IRC, you can build a combo list that can get you into a lot of the major sites.

      SpaceAce

      Comment

      • sweandy
        Confirmed User
        • Jan 2002
        • 422

        #4
        Pennywize

        Comment

        • gazool
          Confirmed User
          • Aug 2003
          • 779

          #5
          Thanks guys...

          This is not the case on my own sites... ( I do use Pennywise )
          This is the case on another non-enclosed site...
          The reason I'm asking is to see if this is more of a global problem, which means that the passwords are coming from somewhere higher in the system than the member-server...

          As to the Pennywise comment...
          Isn't it only if there is several unsuccessfull logins from the same IP that it will be blocked?

          I'm talking about someone hitting the nail almost everytime...

          There is no trial option and the passwords are strong...

          I'm leaning more towards Project-Shadow - but I dont know...
          High Converting CCBILL Programs
          Amateur/CFNM -> http://www.boozedwomen.com/tour/
          Best Selling Granny Site -> http://www.excitedwives.com/tour/


          If I had a hammer....

          Comment

          • William-Xfactor
            Confirmed User
            • Mar 2004
            • 299

            #6
            If they are getting stacks of working combinations
            They either found and decrypted the sites password file or one of a similar site

            Comment

            • svenski
              Confirmed User
              • Mar 2004
              • 227

              #7
              Verotel scripts can be a problem, as can sites with the older "standard" CCBill install.


              It might be nothing to do with a CCBill script, might be another vulnerable script on the server.

              As for passwords, there are files with hundreds of thousands of combinations to download and hurl at a site.

              If you use Pennywize it will at least help a bit as the 'hurler' will need to have quite a lot of unique ips to switch between to keep firing the usernames/password combos at your site.

              Comment

              Working...