Welcome to the GoFuckYourself.com - Adult Webmaster Forum forums.

You are currently viewing our boards as a guest which gives you limited access to view most discussions and access our other features. By joining our free community you will have access to post topics, communicate privately with other members (PM), respond to polls, upload content and access many other special features. Registration is fast, simple and absolutely free so please, join our community today!

If you have any problems with the registration process or your account login, please contact us.

Post New Thread Reply

Register GFY Rules Calendar
Go Back   GoFuckYourself.com - Adult Webmaster Forum > >
Discuss what's fucking going on, and which programs are best and worst. One-time "program" announcements from "established" webmasters are allowed.

 
Thread Tools
Old 06-13-2005, 11:38 PM   #1
Mutt
Too lazy to set a custom title
 
Mutt's Avatar
 
Industry Role:
Join Date: Sep 2002
Posts: 34,431
Mysteriously Added Usernames

Here's the situation - there's a member, legitimate member, has signed up through CCBILL, he's been cancelled twice for being a pain in the ass - he logs in from 3 or 4 different IP addresses - the mystery is that he seems to have the ability to create new username/passwords to login once he's been cancelled - these new usernames don't show up in CCBILL's admin(not a cancelled member, not a manually added signup, not an active member,nothing) or Paycom's as a member. Anybody know what this guy could be doing to add new usernames for himself? This are now two usernames he has that CCBILL and Paycom don't show.

thanks
__________________
I moved my sites to Vacares Hosting. I've saved money, my hair is thicker, lost some weight too! Thanks Sly!
Mutt is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 06-13-2005, 11:40 PM   #2
AlienQ - BANNED FOR LIFE
best designer on GFY
 
AlienQ - BANNED FOR LIFE's Avatar
 
Join Date: Mar 2003
Location: IALIEN.COM - High Definition Video and Photographic Productions -ICQ 78943384
Posts: 30,307
Get Strongbox
AlienQ - BANNED FOR LIFE is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 06-13-2005, 11:54 PM   #3
Matt 26z
So Fucking Banned
 
Industry Role:
Join Date: Apr 2002
Location: ¤ª"˜¨๑۩۞۩๑¨˜"ª¤
Posts: 18,481
Could be SQL code injection.

http://www.sitepoint.com/article/sql...n-attacks-safe
Matt 26z is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 06-13-2005, 11:56 PM   #4
nofx
Too lazy to set a custom title
 
Join Date: Nov 2002
Location: Virgin Mary's womb
Posts: 16,826
I would just blame Jesus
__________________

Often times I wonder why
There's love and hate, theres live or die.
When sickness comes I must decide:
When feelings go, theres suicide.
nofx is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 06-13-2005, 11:59 PM   #5
AsianDivaGirlsWebDude
Purveyor, Fine Asian Porn
 
AsianDivaGirlsWebDude's Avatar
 
Industry Role:
Join Date: Jul 2004
Location: San Francisco Bay Area
Posts: 38,323
Quote:
Originally Posted by Matt 26z
Good article Matt, thanks!

ADG Webmaster
AsianDivaGirlsWebDude is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 06-14-2005, 12:08 AM   #6
stevo
Confirmed User
 
Join Date: Aug 2002
Location: Orlando, Florida
Posts: 2,051
I have the same problem (even with Pennywize protecting my sites), people are able to hack my .htaccess and create their own accounts! I'm not sure how they do it either...
stevo is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 06-14-2005, 02:14 AM   #7
blackmonsters
Making PHP work
 
blackmonsters's Avatar
 
Industry Role:
Join Date: Nov 2002
Location: 🌎🌅🌈🌇
Posts: 20,589
Quote:
Originally Posted by Mutt
Here's the situation - there's a member, legitimate member, has signed up through CCBILL, he's been cancelled twice for being a pain in the ass - he logs in from 3 or 4 different IP addresses - the mystery is that he seems to have the ability to create new username/passwords to login once he's been cancelled - these new usernames don't show up in CCBILL's admin(not a cancelled member, not a manually added signup, not an active member,nothing) or Paycom's as a member. Anybody know what this guy could be doing to add new usernames for himself? This are now two usernames he has that CCBILL and Paycom don't show.

thanks
Simple...He has determined the name of the ccbill script on your server.
You most likely have the same name that the script comes with.

Solution: Change the name of the ccbill password script on your server to something like this:

ccbil39845wjHIiekjnsjj595j~smIMkmkbd.cgi

That should shut him down forever.
blackmonsters is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 06-14-2005, 02:23 AM   #8
Godsmack
Confirmed User
 
Industry Role:
Join Date: Apr 2004
Location: The Netherlands
Posts: 4,525
Quote:
Originally Posted by AlienQ
Get Strongbox
Yep, that solved it for me!
__________________
Download the much improved Free Tube Script adult/mainstream tube solution for FREE!
Godsmack is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 06-14-2005, 02:30 AM   #9
fris
Too lazy to set a custom title
 
fris's Avatar
 
Industry Role:
Join Date: Aug 2002
Posts: 55,372
strongbox is excellent, ray is good people
__________________
Since 1999: 69 Adult Industry awards for Best Hosting Company and professional excellence.


WP Stuff
fris is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 06-14-2005, 03:22 AM   #10
SGS
Confirmed User
 
SGS's Avatar
 
Industry Role:
Join Date: Dec 2002
Location: Mallorca - Nottingham
Posts: 5,176
Looking forward to learning more about the new NATS security solution.
__________________
See sig...
SGS is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 06-14-2005, 03:29 AM   #11
SomeCreep
:glugglug
 
SomeCreep's Avatar
 
Join Date: Mar 2003
Location: Where the Wild Things Are
Posts: 26,118
Quote:
Originally Posted by Mutt
Here's the situation - there's a member, legitimate member, has signed up through CCBILL, he's been cancelled twice for being a pain in the ass - he logs in from 3 or 4 different IP addresses - the mystery is that he seems to have the ability to create new username/passwords to login once he's been cancelled - these new usernames don't show up in CCBILL's admin(not a cancelled member, not a manually added signup, not an active member,nothing) or Paycom's as a member. Anybody know what this guy could be doing to add new usernames for himself? This are now two usernames he has that CCBILL and Paycom don't show.

thanks
Make sure you are using the most recent ccbill and paycom scripts. The old ones have exploits.
__________________

Webair Hosting

I use and recommend Webair for hosting.
SomeCreep is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 06-14-2005, 04:00 AM   #12
SGS
Confirmed User
 
SGS's Avatar
 
Industry Role:
Join Date: Dec 2002
Location: Mallorca - Nottingham
Posts: 5,176
Quote:
Originally Posted by SomeCreep
Make sure you are using the most recent ccbill and paycom scripts. The old ones have exploits.
That has always been the case. How recent is the most recent script?
__________________
See sig...
SGS is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 06-14-2005, 04:03 AM   #13
Theo
HAL 9000
 
Industry Role:
Join Date: May 2001
Posts: 34,515
talking about advanced porn surfer!
Theo is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 06-14-2005, 05:17 AM   #14
SomeCreep
:glugglug
 
SomeCreep's Avatar
 
Join Date: Mar 2003
Location: Where the Wild Things Are
Posts: 26,118
Quote:
Originally Posted by SGS
That has always been the case. How recent is the most recent script?
I dont know, you'd have to call ccbill or paycom to find that out. When I say it is important to use the most recent script, I dont mean from month to month. I mean every couple of years, if one is experiencing problems with their script, they should call their billing company to make sure they are running the most recent version of their script.
__________________

Webair Hosting

I use and recommend Webair for hosting.
SomeCreep is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 06-14-2005, 12:59 PM   #15
blackmonsters
Making PHP work
 
blackmonsters's Avatar
 
Industry Role:
Join Date: Nov 2002
Location: 🌎🌅🌈🌇
Posts: 20,589
Some thick heads in this post.

Exploits in the ccbill script? So fucking what? They can't exploit a script that they can't find because you changed the name.....DAMNNNNNN!!!!!!
blackmonsters is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Post New Thread Reply
Go Back   GoFuckYourself.com - Adult Webmaster Forum > >

Bookmarks



Advertising inquiries - marketing at gfy dot com

Contact Admin - Advertise - GFY Rules - Top

©2000-, AI Media Network Inc



Powered by vBulletin
Copyright © 2000- Jelsoft Enterprises Limited.