latinasojourn

recently checking some google logs i notice one of my paysites on a hacker webpage devoted to "spoofing" and giving my ccbill login address.

ok, WTF is this, how is it done, and how can these jackoffs be kept out?

knowledgable advice requested.

thanks!

Young

something about faking the referring addy to get past the target site addy. I don't know how its done though.

__________________

latinasojourn

well, this is an eye-opener.

i would advise webmasters with popular paysites using ccbill to do a google search with the name of your paysite and the keyword "spoof" or "spoofing" and see what comes back.

digging deeper now.

latinasojourn

example:

alsscan.com spoof

i sense we have a serious issue here.

Harmon

Yeah. I think you spoof the referring page in order to gain access to members only pages. Make sure your .htaccess, .htpasswd, etc are all locked up tight. CCBill as a biller *USED* to have tons of security holes... I have no clue about now.

__________________
[email protected]

latinasojourn

thanks.

more info requested.

checking other paysites in google now:

blacksonblondes.com and keyword "spoof"

234 entries, many russian

lots of scammers getting a free ride.

now, how can these asswipes be stopped?

Young

thats not really an acurate way of doing it. and i don't think blacksonblondes.com can be spoofed. its only certain sites and certain content stream providers that use referrer ID's.

__________________

latinasojourn

well i'm digging for info right now.

big problem for paysite owners, here's a post i see on a "spoofer" message board:
hahahahahahahahahahahahahahahaha
Originally Posted by MadUstasa
Dude, the entire Max Hardcore site, all the movies from Private, Canadian Amateurs, CelebFlix, Deepthroat sites etc etc. 1000's of hardcore membersites!

Just type in what you want and it's there

HOLY SHIT! The entire GGG(German Goo Girls) membersite is available
hahahahahahahahahahahahahahahaha

these kids are breaking into lots of sites. the question is, how can it be stopped?

Harmon

Seriously STFU. It's been going on for YEARS man. It's not like you just discovered that crackers can exploit their way into your members only areas, or brute force passes until they get a hit. This is old news. The only solution is to stay one step ahead of them and tighten up your security. There are a gazillion ways to do it... search Google and do what you need to do

__________________
[email protected]

latinasojourn

ok, whatever. i already have very good protection on brute force attacks and multiple identical passwords, but this variant of spoofing is a new problem for me, and yes, i do make a living running paysites.

of course this is no big deal if you don't run paysites, and thanks for your knowledgable input

anyway, if any paysite owners are interested in this here's how the kids are getting into your sites:

http://refspoof.mozdev.org/installation.html

and now, i am working on the solution.

nastyking

latinasofjourn? Do you allow access to your members area from certain Sites (Referrers) without a password?

If no .. then you should have no problem

__________________

Tat2Jr

Wait a second..... this seems to be a business related thread.... what the hell is a business thread doing here on GFY? ;)

__________________
NICHE MONEY >> Ass Worship • Panties • Solo Teen • Pantyhose
Serving up exclusive fetish sites since 1997!

latinasojourn

no, but they get in occasionally.

now ccbill generates a little page---"welcome to -----" when a member signs up, and his cc is approved.

still researching, but i believe they are accessing this url then "spoofing" the referreral URL to gain access.

still looking into the mechanics of it.

i believe the fix will involve ccbill. still working on this.

this issue is NOT the same as password hacking or brute force attack.

nastyking

if it's a CCBill vulnerability there is nothing you can do about it.

What is the URL of the webpage you mentioned in your first post?

__________________