Too Much Media seeks beta testers for SPARTA - members area protection/auth program - GoFuckYourself.com

TMM_John · 06-11-2005, 11:26 AM

Too Much Media, the makers of NATS, are currently seeking a few people to beta test our newest application, SPARTA.

SPARTA is an Apache Module which takes over the work systems such as mod_auth or the like normaly handle. It does NOT use HTTP auth for authentication, but instead uses a 128bit session key which stores user data. It also lowers load on your servers by not checking the password on every single connection, but instead only periodically. Of course SPARTA also includes anti password sharing and anti brute force measures to benefit the specific needs of adult industry.

Logins take place via a normal HTML form rather than the popup box provided by HTTP auth. In addition to the username and password fields you may add a verification string in an image. This is the random string of letters shown as an image that a user must type in order to login. You often see this on the registration forms of many sites to avoid repeated automated registrations. Now this can be used to greatly reduce abuse by brute force hacking, etc.

A sample verification string image similiar to what would be shown on the login page and typed by the user along with their username and password to login:

With the use of session auth rather than HTTP auth the viewing of videos by a member will be made easier. The video player will no longer have to ask the user to login again and reauthorize them when they try to view a video.

Currently while in testing SPARTA only supports apache v1. v2 will be fully supported once testing is finalized.

We are looking for roughtly 3-5 beta testers who will receive lifetime use of the program for free.

Any feedback or feature suggestions from anyone at all is greatly appreciated.

You do not need NATS in order to use SPARTA. However if you are a NATS customer SPARTA will communicate with NATS to simplify and expand member management. Login statistics and other valuable data and features will be provided to NATS by SPARTA and vice versa. For example, fraud scores will increase for resellers with a higher than normal percentage of members that do not login and SPARTA will log everything associated with a member in his surfer stats inside of NATS.

Another benefit to using sessions instead of HTTP auth for member authentication is that the session can carry data other than simply username and password. If you are a NATS user along with SPARTA once a member logs in you will have access to his Name, Zip Code, Join Date, etc. within your members area to further personalize and enhance the member's experience.

If you are interested in beta testing this program please contact albright * toomuchmedia * com and I will be back in touch with you on Monday or Tuesday or feel free to icq me over the weekend at 5596373.

Thanks everyone!

taibo · 06-11-2005, 11:35 AM

good stuff

Doctor Dre · 06-11-2005, 11:39 AM

Looks like I'l be testing this one

nudecanada · 06-11-2005, 11:43 AM

When users are logged in is it as a session that expires after "x" amount of hours? Would be nice to see a solid solution to stop site rippers.

Nathan · 06-11-2005, 11:45 AM

Quote:

Originally Posted by nudecanada

When users are logged in is it as a session that expires after "x" amount of hours? Would be nice to see a solid solution to stop site rippers.

The session will be reauthenticated every X seconds (you can set that), and if it is unused for Y seconds it will disappear, yes.

If you have some ideas regarding site ripping, let us know, would gladly integrate it

ShaneRyale · 06-11-2005, 11:59 AM

Hitting you up now Nathan.

Trax · 06-11-2005, 12:32 PM

sounds like this could be a nice piece of code ;)

nudecanada · 06-11-2005, 01:22 PM

Quote:

Originally Posted by Nathan

The session will be reauthenticated every X seconds (you can set that), and if it is unused for Y seconds it will disappear, yes.

If you have some ideas regarding site ripping, let us know, would gladly integrate it

I know there is a login script that plants a cookie once the member logs in, and you can set the cookie to expire in a certain amount of time so the user has to log in again. It seems like a good idea, but if a member has cookies disabled it won't work. You also have to install an apache module on the server in order for it to work, which some people may not be able to do if they are virt. hosting.

But something like that that works for every browser etc. would be great. I've seen a few other attempts to stop site rippers, but they seem more of a bandaid than an actual solution.

It would be difficult to completely stop, but if you make it enough of a PITA for a ripper to download your members area, he will probably just move on to another site.

nudecanada · 06-11-2005, 01:28 PM

Couple more suggestions.

You should code a control panel to change thresholds, add new member areas, new sites etc. rather than having to edit a perl script or config file for each domain through ssh etc.

Also, being able to have certain domains access the members areas would be a good idea too. Setting a token or something similar would kick butt as using referring headers is a bad idea.

Nathan · 06-11-2005, 01:29 PM

Quote:

Originally Posted by nudecanada

I know there is a login script that plants a cookie once the member logs in, and you can set the cookie to expire in a certain amount of time so the user has to log in again. It seems like a good idea, but if a member has cookies disabled it won't work. You also have to install an apache module on the server in order for it to work, which some people may not be able to do if they are virt. hosting.

But something like that that works for every browser etc. would be great. I've seen a few other attempts to stop site rippers, but they seem more of a bandaid than an actual solution.

It would be difficult to completely stop, but if you make it enough of a PITA for a ripper to download your members area, he will probably just move on to another site.

The only real way of doing something like this would be to limit bandwidth the client can use, and that is not easy...

I will definately think about it though.

Mainly though, SPARTA is for authenticating members and for making sure passwords are secure.

Nathan · 06-11-2005, 01:31 PM

Quote:

Originally Posted by nudecanada

Couple more suggestions.

You should code a control panel to change thresholds, add new member areas, new sites etc. rather than having to edit a perl script or config file for each domain through ssh etc.

Also, being able to have certain domains access the members areas would be a good idea too. Setting a token or something similar would kick butt as using referring headers is a bad idea.

SPARTA is an apache module, turning it on for any virtual server is fairly straight-forward. Because of the nature of being a html based login page, you have to setup at least that page though to make it work.

There will of course be a control panel for thresholds, either standalone or if you have NATS it would be an option in NATS.

Regarding the token stuff, I am looking into the best solution to let "friendly" surfers in unauthorized, but it of course always is some kind of a security risk. But I am looking...

TMM_John · 06-12-2005, 12:16 AM

*3am bump*

Matt_WildCash · 06-12-2005, 01:02 AM

We are a bit busy to beta test it John sorry but when you release it we'll probably buy it. You guys code up the best products! Look forward to trying the final version.

$pikes · 06-12-2005, 01:18 AM

John/Nathan.. I posted a ticket on this. Thanks!

SGS · 06-12-2005, 01:39 AM

And this will be a reliable option on bigger load balance setups?

Very interested to know more.

Makingcoin · 06-12-2005, 02:04 AM

Sounds good guys!

BlueDesignStudios · 06-12-2005, 02:11 AM

Bump for PBucksJohn

Nathan · 06-12-2005, 02:31 AM

Quote:

Originally Posted by SGS

And this will be a reliable option on bigger load balance setups?

Very interested to know more.

Yes, we are currently making sure that a multi-server environment will be no problem for it.

The most important thing for us is performance, so multi-server possabilities is obviously a must.

The system is 100% apache module, no rewrite rules, no perl scripts, or anything like that. The only thing that is not in the module is the actual login page, that one can be any programming language you can dream of, the system does not care.

SGS · 06-12-2005, 03:43 AM

Quote:

Originally Posted by Nathan

Yes, we are currently making sure that a multi-server environment will be no problem for it.

The most important thing for us is performance, so multi-server possabilities is obviously a must.

The system is 100% apache module, no rewrite rules, no perl scripts, or anything like that. The only thing that is not in the module is the actual login page, that one can be any programming language you can dream of, the system does not care.

Great news and as soon as its ready to roll please do hit me up on ICQ: 337 208 349 or email: office 'at' sgs-webmedia 'dot' com we would like to be one of your first customers please.

Nathan · 06-12-2005, 07:59 AM

Quote:

Originally Posted by SGS

Great news and as soon as its ready to roll please do hit me up on ICQ: 337 208 349 or email: office 'at' sgs-webmedia 'dot' com we would like to be one of your first customers please.

added you to icq..

SGS · 06-12-2005, 11:54 AM

Quote:

Originally Posted by Nathan

added you to icq..

Thanks.

FreshChecks · 06-12-2005, 12:30 PM

excellent

06-11-2005, 11:26 AM	#1
TMM_John Confirmed User Industry Role: Join Date: May 2004 Posts: 6,660	Too Much Media seeks beta testers for SPARTA - members area protection/auth program Too Much Media, the makers of NATS, are currently seeking a few people to beta test our newest application, SPARTA. SPARTA is an Apache Module which takes over the work systems such as mod_auth or the like normaly handle. It does NOT use HTTP auth for authentication, but instead uses a 128bit session key which stores user data. It also lowers load on your servers by not checking the password on every single connection, but instead only periodically. Of course SPARTA also includes anti password sharing and anti brute force measures to benefit the specific needs of adult industry. Logins take place via a normal HTML form rather than the popup box provided by HTTP auth. In addition to the username and password fields you may add a verification string in an image. This is the random string of letters shown as an image that a user must type in order to login. You often see this on the registration forms of many sites to avoid repeated automated registrations. Now this can be used to greatly reduce abuse by brute force hacking, etc. A sample verification string image similiar to what would be shown on the login page and typed by the user along with their username and password to login: With the use of session auth rather than HTTP auth the viewing of videos by a member will be made easier. The video player will no longer have to ask the user to login again and reauthorize them when they try to view a video. Currently while in testing SPARTA only supports apache v1. v2 will be fully supported once testing is finalized. We are looking for roughtly 3-5 beta testers who will receive lifetime use of the program for free. Any feedback or feature suggestions from anyone at all is greatly appreciated. You do not need NATS in order to use SPARTA. However if you are a NATS customer SPARTA will communicate with NATS to simplify and expand member management. Login statistics and other valuable data and features will be provided to NATS by SPARTA and vice versa. For example, fraud scores will increase for resellers with a higher than normal percentage of members that do not login and SPARTA will log everything associated with a member in his surfer stats inside of NATS. Another benefit to using sessions instead of HTTP auth for member authentication is that the session can carry data other than simply username and password. If you are a NATS user along with SPARTA once a member logs in you will have access to his Name, Zip Code, Join Date, etc. within your members area to further personalize and enhance the member's experience. If you are interested in beta testing this program please contact albright * toomuchmedia * com and I will be back in touch with you on Monday or Tuesday or feel free to icq me over the weekend at 5596373. Thanks everyone! __________________ Skype: JohnA1078 Too Much Media - Makers of the Industry's Leading Payite Management Platform, NATS!

06-11-2005, 11:59 AM	#6
ShaneRyale Confirmed User Join Date: Mar 2004 Posts: 961	Hitting you up now Nathan. __________________ Shane - Affiliate Manager [email protected] ICQ: 170164556 See Who I Am At AdultWhosWho.com!

06-12-2005, 12:16 AM	#12
TMM_John Confirmed User Industry Role: Join Date: May 2004 Posts: 6,660	3am bump __________________ Skype: JohnA1078 Too Much Media - Makers of the Industry's Leading Payite Management Platform, NATS!

06-12-2005, 01:18 AM	#14
$pikes Confirmed User Join Date: Jun 2002 Location: Los Angeles Posts: 1,055	John/Nathan.. I posted a ticket on this. Thanks! __________________ SMASHBUCKS Paying webmasters on time since 2001 Joe Spikes - ICQ: 160069266

06-12-2005, 01:39 AM	#15
SGS Confirmed User Industry Role: Join Date: Dec 2002 Location: Mallorca - Nottingham Posts: 5,176	And this will be a reliable option on bigger load balance setups? Very interested to know more. __________________ See sig...

06-11-2005, 11:35 AM	#2
taibo Confirmed User Join Date: May 2005 Posts: 3,720	good stuff

06-11-2005, 11:43 AM	#4
nudecanada Confirmed User Join Date: Jan 2004 Location: Canada Posts: 793	When users are logged in is it as a session that expires after "x" amount of hours? Would be nice to see a solid solution to stop site rippers.

06-11-2005, 12:32 PM	#7
Trax [----------------------] Join Date: Aug 2001 Posts: 14,486	sounds like this could be a nice piece of code ;)

06-11-2005, 01:28 PM	#9
nudecanada Confirmed User Join Date: Jan 2004 Location: Canada Posts: 793	Couple more suggestions. You should code a control panel to change thresholds, add new member areas, new sites etc. rather than having to edit a perl script or config file for each domain through ssh etc. Also, being able to have certain domains access the members areas would be a good idea too. Setting a token or something similar would kick butt as using referring headers is a bad idea.

06-12-2005, 01:02 AM	#13
Matt_WildCash Confirmed User Join Date: Jan 2003 Posts: 1,699	We are a bit busy to beta test it John sorry but when you release it we'll probably buy it. You guys code up the best products! Look forward to trying the final version.

06-12-2005, 02:04 AM	#16
Makingcoin Confirmed User Join Date: Aug 2002 Location: The Ditch Posts: 8,919	Sounds good guys! __________________ www.MAKINGCOIN.com icq. 166-662-831 "Start making large coin!" Daddy I Get Paid To Be A Whore - Coming Soon

06-12-2005, 02:11 AM	#17
BlueDesignStudios Confirmed User Industry Role: Join Date: Feb 2003 Location: Australia Posts: 9,492	Bump for PBucksJohn __________________ Blue Design Studios - Adult Design Specialists! Email me for a free quote: [email protected]

06-12-2005, 12:30 PM	#22
FreshChecks Confirmed User Join Date: Dec 2004 Posts: 210	excellent __________________ SIG TOO BIG! Maximum 120x60 button and no more than 3 text lines of DEFAULT SIZE and COLOR. Unless your sig is for a GFY top banner sponsor, you may use a 624x80 instead of a 120x60. Let me repeat... A 120 x 60 button and no more that 3 lines of DEFAULT SIZE AND COLOR text.