what is "spoofing" and is this a ccbill security issue?

[latinasojourn]

recently checking some google logs i notice one of my paysites on a hacker webpage devoted to "spoofing" and giving my ccbill login address.

ok, WTF is this, how is it done, and how can these jackoffs be kept out?

knowledgable advice requested.

thanks!

[Young]

something about faking the referring addy to get past the target site addy. I don't know how its done though.

[latinasojourn]

well, this is an eye-opener.

i would advise webmasters with popular paysites using ccbill to do a google search with the name of your paysite and the keyword "spoof" or "spoofing" and see what comes back.

digging deeper now.

[latinasojourn]

example:

alsscan.com spoof

i sense we have a serious issue here.

[Harmon]

Yeah. I think you spoof the referring page in order to gain access to members only pages. Make sure your .htaccess, .htpasswd, etc are all locked up tight. CCBill as a biller *USED* to have tons of security holes... I have no clue about now.

[latinasojourn]

thanks.

more info requested.

checking other paysites in google now:

blacksonblondes.com and keyword "spoof"

234 entries, many russian

lots of scammers getting a free ride.

now, how can these asswipes be stopped?

[Young]

thats not really an acurate way of doing it. and i don't think blacksonblondes.com can be spoofed. its only certain sites and certain content stream providers that use referrer ID's.

[latinasojourn]

well i'm digging for info right now.

big problem for paysite owners, here's a post i see on a "spoofer" message board:
hahahahahahahahahahahahahahahaha
Originally Posted by MadUstasa
Dude, the entire Max Hardcore site, all the movies from Private, Canadian Amateurs, CelebFlix, Deepthroat sites etc etc. 1000's of hardcore membersites!

Just type in what you want and it's there

HOLY SHIT! The entire GGG(German Goo Girls) membersite is available
hahahahahahahahahahahahahahahaha

these kids are breaking into lots of sites. the question is, how can it be stopped?

[Harmon]

Quote:

Originally Posted by latinasojourn

well i'm digging for info right now.

big problem for paysite owners, here's a post i see on a "spoofer" message board:
hahahahahahahahahahahahahahahaha
Originally Posted by MadUstasa
Dude, the entire Max Hardcore site, all the movies from Private, Canadian Amateurs, CelebFlix, Deepthroat sites etc etc. 1000's of hardcore membersites!

Just type in what you want and it's there

HOLY SHIT! The entire GGG(German Goo Girls) membersite is available
hahahahahahahahahahahahahahahaha

these kids are breaking into lots of sites. the question is, how can it be stopped?

Seriously STFU. It's been going on for YEARS man. It's not like you just discovered that crackers can exploit their way into your members only areas, or brute force passes until they get a hit. This is old news. The only solution is to stay one step ahead of them and tighten up your security. There are a gazillion ways to do it... search Google and do what you need to do

[latinasojourn]

Quote:

Originally Posted by Harmon

Seriously STFU. It's been going on for YEARS man. It's not like you just discovered that crackers can exploit their way into your members only areas, or brute force passes until they get a hit. This is old news. The only solution is to stay one step ahead of them and tighten up your security. There are a gazillion ways to do it... search Google and do what you need to do

ok, whatever. i already have very good protection on brute force attacks and multiple identical passwords, but this variant of spoofing is a new problem for me, and yes, i do make a living running paysites.

of course this is no big deal if you don't run paysites, and thanks for your knowledgable input

anyway, if any paysite owners are interested in this here's how the kids are getting into your sites:

http://refspoof.mozdev.org/installation.html

and now, i am working on the solution.

[nastyking]

latinasofjourn? Do you allow access to your members area from certain Sites (Referrers) without a password?

If no .. then you should have no problem

[Tat2Jr]

Wait a second..... this seems to be a business related thread.... what the hell is a business thread doing here on GFY? ;)

[latinasojourn]

Quote:

Originally Posted by nastyking

latinasofjourn? Do you allow access to your members area from certain Sites (Referrers) without a password?

If no .. then you should have no problem

no, but they get in occasionally.

now ccbill generates a little page---"welcome to -----" when a member signs up, and his cc is approved.

still researching, but i believe they are accessing this url then "spoofing" the referreral URL to gain access.

still looking into the mechanics of it.

i believe the fix will involve ccbill. still working on this.

this issue is NOT the same as password hacking or brute force attack.

[nastyking]

if it's a CCBill vulnerability there is nothing you can do about it.

What is the URL of the webpage you mentioned in your first post?