spoofing to get into paysites, some of you guys are getting hacked - GoFuckYourself.com

latinasojourn · 03-01-2005, 04:45 PM

ok, i realize that probably the majority of surfers here are not paysite owners, so few people give a shit about this.

but let me explain something.

if surfers do not have to pay for content if has a ripple effect on everyone who does BUSINESS here.

let me explain.

all of our income comes from surfers, either directly or indirectly---if surfers don't buy memberships we ALL suffer, content producers, traffic jockeys, affiliates, everyone.

and this shit ain't my hobby.

now a german guy wrong a very effective hack to get into paysite member areas---if you OWN paysites i suggest you go to google and use the keywords: "www.mydomain.com" and "spoof" and if anything comes back you are getting free riders.

if this is the case, and you also use ccbill, i am working with ccbill right now to implement the fix for this.

and if you own a paysite (and i can verify it) post your contact info here and i'll send you the link to download this hack utility and you can try it on your own paysites---and the results will scare you into doing something about it.

i will not post the link here.

latinasojourn · 03-01-2005, 05:10 PM

NO, paysite owners if you see you have a vulnerability to this do NOT post your contact info here for every hacker to start probing your sites.

send me an email with your email address to a domain name you control ([email protected]) etc., and i will send you the link to this hacker utility.

i hope no one will post the link here, but maybe some idiot will.

get the info you need to tighten up your member areas:

[email protected]

i'll monitor this email for a few days only. have a good day

nastyking · 03-01-2005, 05:35 PM

just for your information: this affects mostly paysite plugins, as they use the referrer for authentication but most normal paysites do NOT.

fris · 03-01-2005, 05:37 PM

thanks for the info n00b

most of us already know about this.

if feed A. gives access to site B.

you just have to spoof the ref and target.

most of us already know this.

toddler · 03-01-2005, 05:39 PM

Quote:

Originally Posted by fris

thanks for the info n00b

most of us already know about this.

if feed A. gives access to site B.

you just have to spoof the ref and target.

most of us already know this.

and do nothing about it....

latinasojourn · 03-01-2005, 05:41 PM

does not affect only guys carrying feeds.

nastyking · 03-01-2005, 05:50 PM

Quote:

Originally Posted by toddler

and do nothing about it....

there is not much you can do about it

nastyking · 03-01-2005, 05:51 PM

Quote:

Originally Posted by latinasojourn

does not affect only guys carrying feeds.

bla

MGibson · 03-01-2005, 06:47 PM

Actually just go to google.com and type in

www.site.com password ?

or soandsoscript.zip nullified

50 trillion backdoors and nullified scripts.

Fake Nick · 03-01-2005, 06:50 PM

its all about target audience , if you dont know this you prolly are NOT making any $$$$$

just a punk · 03-01-2005, 07:13 PM

Spoofs work on weak-protected sites that check referrer URL by means of .htaccess file. Normal paysites are protected with .htpasswd file and they can't be spoofed at all. For example, try to spoof one of my sites and you'll be fucked up.

03-01-2005, 04:45 PM	#1
latinasojourn Confirmed User Join Date: Oct 2003 Posts: 3,191	spoofing to get into paysites, some of you guys are getting hacked ok, i realize that probably the majority of surfers here are not paysite owners, so few people give a shit about this. but let me explain something. if surfers do not have to pay for content if has a ripple effect on everyone who does BUSINESS here. let me explain. all of our income comes from surfers, either directly or indirectly---if surfers don't buy memberships we ALL suffer, content producers, traffic jockeys, affiliates, everyone. and this shit ain't my hobby. now a german guy wrong a very effective hack to get into paysite member areas---if you OWN paysites i suggest you go to google and use the keywords: "www.mydomain.com" and "spoof" and if anything comes back you are getting free riders. if this is the case, and you also use ccbill, i am working with ccbill right now to implement the fix for this. and if you own a paysite (and i can verify it) post your contact info here and i'll send you the link to download this hack utility and you can try it on your own paysites---and the results will scare you into doing something about it. i will not post the link here.

03-01-2005, 05:35 PM	#3
nastyking Join Date: Nov 2002 Posts: 2,174	just for your information: this affects mostly paysite plugins, as they use the referrer for authentication but most normal paysites do NOT. __________________

03-01-2005, 05:37 PM	#4
fris Too lazy to set a custom title Industry Role: Join Date: Aug 2002 Posts: 55,372	thanks for the info n00b most of us already know about this. if feed A. gives access to site B. you just have to spoof the ref and target. most of us already know this. __________________ Since 1999: 69 Adult Industry awards for Best Hosting Company and professional excellence. WP Stuff

03-01-2005, 07:13 PM	#11
just a punk So fuckin' bored Industry Role: Join Date: Jun 2003 Posts: 32,386	Spoofs work on weak-protected sites that check referrer URL by means of .htaccess file. Normal paysites are protected with .htpasswd file and they can't be spoofed at all. For example, try to spoof one of my sites and you'll be fucked up. __________________ Obey the Cowgod

03-01-2005, 05:10 PM	#2
latinasojourn Confirmed User Join Date: Oct 2003 Posts: 3,191	NO, paysite owners if you see you have a vulnerability to this do NOT post your contact info here for every hacker to start probing your sites. send me an email with your email address to a domain name you control ([email protected]) etc., and i will send you the link to this hacker utility. i hope no one will post the link here, but maybe some idiot will. get the info you need to tighten up your member areas: [email protected] i'll monitor this email for a few days only. have a good day

03-01-2005, 05:41 PM	#6
latinasojourn Confirmed User Join Date: Oct 2003 Posts: 3,191	does not affect only guys carrying feeds.

03-01-2005, 06:47 PM	#9
MGibson So Fucking Banned Join Date: Jan 2005 Posts: 772	Actually just go to google.com and type in www.site.com password ? or soandsoscript.zip nullified 50 trillion backdoors and nullified scripts.

03-01-2005, 06:50 PM	#10
Fake Nick So Fucking Banned Join Date: Jul 2004 Location: go troll goo! Posts: 7,708	its all about target audience , if you dont know this you prolly are NOT making any $$$$$