Stop Brute Foce Attacks Without spending a dime 100% effective - GoFuckYourself.com

Fridginator · 10-04-2001, 10:48 PM

Why spend money on programs like pennywise to prevent brute force attacks??? (well actually pennywise is free now but anyway)
All you need to know is how the brute force programs themselves work...
Just place your members index page in a frame page that is NOT password protected. now make the top frame invisible opening a blank page (doesnt matter because your members cant see it) make the bottom page link to your members page which IS password protected. This will confuse the HELL out of the bruteforcing programs (they wont even get one attempt off) Next using java do not allow any right clicking, and hide your page source.... Thats it your site is now Brute force attack proof!!! Anyone who finds this information helpful say thank you in here (so i get the dvd player LMAO) and if you really like the info link to my site http://www.xxxorgygirls.com

[This message has been edited by Fridginator (edited 10-04-2001).]

Amputate Your Head · 10-04-2001, 10:55 PM

Interesting... but what's to prevent getting the url to the bottom page, loading it directly, and bypassing the frameset? (this alone does not pose unauthorized entrance to the protected area, but nullifys the frameset for bruteforce purposes)

Fridginator · 10-04-2001, 10:56 PM

thats the beauty of java baby!! just have a scrolling banner down there! and thats why first you hide your page source then they can get you sources of the frames secondly using java you put the scrolling text on the bottom and disable right clicking

[This message has been edited by Fridginator (edited 10-04-2001).]

Amputate Your Head · 10-04-2001, 11:02 PM

??? You lost me... one way or another, you gotta have a doorway for members to go through... whatever that page is, I can find the url for it.... if the url for that entrance can be found, the frameset can be bypassed... how does a scrolling banner have anything to do with it? Am I missing something crucial in the formula...?

Fridginator · 10-04-2001, 11:12 PM

Ok as I said first your frameset will not be password protected. The top frame is to be invisible and loading a blank frame. The second (bottom) frame is to be linked to your members area. Now all the program/visitor sees is the frameset name not your members area url because that is just loading in a frame. Now there are only two ways a hacker can find out where your true members section is first is by opening the pages source. To avoid this there are java scripts/codes out there that hide the page source. The second is by right clicking on an image and find its url... thats why you forbid right clicking (again with java) The last way is by the hacker watching the bottom of the navigator to see where everything is loading from.... Stop this by using scrolling texts at the bottom of the frame page

Hows that or should i create an example?

Amputate Your Head · 10-04-2001, 11:18 PM

I see what you're saying... I use scrolling text in my status bars as well, just to cover my blind links... but I haven't seen anything yet that can completely hide the source. Disabling "right click" only stops newbie surfers... not guys using bruteforce proggys. If you whip up a generic example, I promise I can find your url...

Fridginator · 10-04-2001, 11:25 PM

check back in 10 minutes ill have it

Amputate Your Head · 10-04-2001, 11:36 PM

Ahhh... I love a good challenge...

Anyone wanna place your bets? Now's the time....

Itchy · 10-05-2001, 12:00 AM

$10 on Amp

Cerbernetic · 10-06-2001, 02:59 PM

Been away for a bit, but I had to reply to this

Security through obscurity doesnt work.

All I have to do is use a simple program which gets the url without displaying the html as html, but shows it as plain text.

I then see your frame src tags.

I then look at each one in turn and load each using the same program till I get a HTTP/1.0 401 Unauthorized response.

Bam

Give me your main url I guarantee a way in in 5 minutes

.

Sorry if I destroyed any illusions...security IS an illusion 99% of the time

Amputate Your Head · 10-06-2001, 03:05 PM

...and people keep telling me I'm out of my mind...

Cerbernetic · 10-06-2001, 03:13 PM

I must add though that this does make the crackers job harder - which perhaps makes it worth a go...every little counts.

Amputate Your Head · 10-06-2001, 03:17 PM

Well, it's like I say for any type of lock... locks for your car... locks for your house... doesn't matter. Locks keep out the honest people. If someone wants in bad enough, they'll get in.

Cerbernetic · 10-06-2001, 03:34 PM

Hehe

True...but then a good choice of a lock which isnt obtrusive can very often keep 99% of the bad folks out while not driving the good folks mad.

10-04-2001, 10:48 PM	#1
Fridginator Registered User Join Date: Sep 2001 Location: raymond, nh, 03077 Posts: 12	Stop Brute Foce Attacks Without spending a dime 100% effective Why spend money on programs like pennywise to prevent brute force attacks??? (well actually pennywise is free now but anyway) All you need to know is how the brute force programs themselves work... Just place your members index page in a frame page that is NOT password protected. now make the top frame invisible opening a blank page (doesnt matter because your members cant see it) make the bottom page link to your members page which IS password protected. This will confuse the HELL out of the bruteforcing programs (they wont even get one attempt off) Next using java do not allow any right clicking, and hide your page source.... Thats it your site is now Brute force attack proof!!! Anyone who finds this information helpful say thank you in here (so i get the dvd player LMAO) and if you really like the info link to my site http://www.xxxorgygirls.com [This message has been edited by Fridginator (edited 10-04-2001).]

10-04-2001, 10:55 PM	#2
Amputate Your Head There can be only one Industry Role: Join Date: Aug 2001 Location: Somewhere else Posts: 39,075	Interesting... but what's to prevent getting the url to the bottom page, loading it directly, and bypassing the frameset? (this alone does not pose unauthorized entrance to the protected area, but nullifys the frameset for bruteforce purposes)

10-04-2001, 10:56 PM	#3
Fridginator Registered User Join Date: Sep 2001 Location: raymond, nh, 03077 Posts: 12	thats the beauty of java baby!! just have a scrolling banner down there! and thats why first you hide your page source then they can get you sources of the frames secondly using java you put the scrolling text on the bottom and disable right clicking [This message has been edited by Fridginator (edited 10-04-2001).]

10-04-2001, 11:02 PM	#4
Amputate Your Head There can be only one Industry Role: Join Date: Aug 2001 Location: Somewhere else Posts: 39,075	??? You lost me... one way or another, you gotta have a doorway for members to go through... whatever that page is, I can find the url for it.... if the url for that entrance can be found, the frameset can be bypassed... how does a scrolling banner have anything to do with it? Am I missing something crucial in the formula...?

10-04-2001, 11:12 PM	#5
Fridginator Registered User Join Date: Sep 2001 Location: raymond, nh, 03077 Posts: 12	Ok as I said first your frameset will not be password protected. The top frame is to be invisible and loading a blank frame. The second (bottom) frame is to be linked to your members area. Now all the program/visitor sees is the frameset name not your members area url because that is just loading in a frame. Now there are only two ways a hacker can find out where your true members section is first is by opening the pages source. To avoid this there are java scripts/codes out there that hide the page source. The second is by right clicking on an image and find its url... thats why you forbid right clicking (again with java) The last way is by the hacker watching the bottom of the navigator to see where everything is loading from.... Stop this by using scrolling texts at the bottom of the frame page Hows that or should i create an example?

10-04-2001, 11:18 PM	#6
Amputate Your Head There can be only one Industry Role: Join Date: Aug 2001 Location: Somewhere else Posts: 39,075	I see what you're saying... I use scrolling text in my status bars as well, just to cover my blind links... but I haven't seen anything yet that can completely hide the source. Disabling "right click" only stops newbie surfers... not guys using bruteforce proggys. If you whip up a generic example, I promise I can find your url...

10-04-2001, 11:25 PM	#7
Fridginator Registered User Join Date: Sep 2001 Location: raymond, nh, 03077 Posts: 12	check back in 10 minutes ill have it

10-04-2001, 11:36 PM	#8
Amputate Your Head There can be only one Industry Role: Join Date: Aug 2001 Location: Somewhere else Posts: 39,075	Ahhh... I love a good challenge... Anyone wanna place your bets? Now's the time....

10-05-2001, 12:00 AM	#9
Itchy Datetronix.com Industry Role: Join Date: Jan 2001 Location: Chill-A-Wack BC Posts: 6,524	$10 on Amp

10-06-2001, 02:59 PM	#10
Cerbernetic Registered User Join Date: Sep 2001 Posts: 4	Been away for a bit, but I had to reply to this Security through obscurity doesnt work. All I have to do is use a simple program which gets the url without displaying the html as html, but shows it as plain text. I then see your frame src tags. I then look at each one in turn and load each using the same program till I get a HTTP/1.0 401 Unauthorized response. Bam Give me your main url I guarantee a way in in 5 minutes . Sorry if I destroyed any illusions...security IS an illusion 99% of the time

10-06-2001, 03:05 PM	#11
Amputate Your Head There can be only one Industry Role: Join Date: Aug 2001 Location: Somewhere else Posts: 39,075	...and people keep telling me I'm out of my mind...

10-06-2001, 03:13 PM	#12
Cerbernetic Registered User Join Date: Sep 2001 Posts: 4	I must add though that this does make the crackers job harder - which perhaps makes it worth a go...every little counts.

10-06-2001, 03:17 PM	#13
Amputate Your Head There can be only one Industry Role: Join Date: Aug 2001 Location: Somewhere else Posts: 39,075	Well, it's like I say for any type of lock... locks for your car... locks for your house... doesn't matter. Locks keep out the honest people. If someone wants in bad enough, they'll get in.

10-06-2001, 03:34 PM	#14
Cerbernetic Registered User Join Date: Sep 2001 Posts: 4	Hehe True...but then a good choice of a lock which isnt obtrusive can very often keep 99% of the bad folks out while not driving the good folks mad.