Password Software - GoFuckYourself.com

Sleepy · 01-30-2002, 07:30 AM

Anyone want to recommend some password software ?
We use Iprotect and a few other little tricks but we are hit so many fucking times per day its like pissing in the wind. We block each password hacking attempt after 5 guesses but these hackers use proxy servers. So, if they have 5 guesses per proxy and a list of 10,000 proxies they still get 50,000 shots at cracking a password.

We own a copy of the source to Iprotect and Im considering having our programmer rewrite it so its more efficient. I figure if someone already wrote a program that can do the job I might as well buy it. Our prgrammer writes in C, php, java and can do anything but password protection is a learning curve for him. Of course its never good to experiment when it comes to passwords and memberships so Im saving that as plan "B".

Thanks !

pr0 · 01-30-2002, 08:15 AM

you wont be able to stop em....dont bother.

the only real solution is a script like pennywise

but thats pissing in the wind as well......

I suggest making the users choose 8+ character passes.

Also...if you would like to inquire in some professional protection, let me know....i got some hookups

heymatty · 01-30-2002, 08:16 AM

save yourself the hassle and buy pennywize, at pennywize.com.

Its only $30 a month (for the least number of logins per day) and it works fine.

Sleepy · 01-30-2002, 08:41 AM

Pennywize pipes your logs off to another server, then analyzes them, then writes back your server to tell it to block a hacker. By the time that happens theres a good chance your server isnt responding anymore. I also had my programmer look at their software and ( at the time ) he told me when it switches to 'root' theres a large securtiy hazard. I also dont like the fact that the owner of Pennywize has obvious ties with his own adult programs and has acess to my logs. I havent looked at pennywize in a long time but I dont think its basic operation has changed. It worked great for me 5 years ago with 200 members but it didnt work so good with 15,000 members and a half million hack attempts per day. For a small site I recommend Pennywize but it couldnt take the stress on my sites. Any program where my server has to send info to another server just aint working for me.

Sleepy · 01-30-2002, 08:44 AM

Quote:

Originally posted by pr0
you wont be able to stop em....dont bother.
the only real solution is a script like pennywise
but thats pissing in the wind as well......
I suggest making the users choose 8+ character passes.
Also...if you would like to inquire in some professional protection, let me know....i got some hookups

I was thinking of hiring Aussie Rebel to personally go to each hackers house and beat the shit out of them :D

$tandaman · 01-30-2002, 10:30 AM

We just released version 2.0 of passtrojan, you can check it out.
The beauty of it, it let's people who got the hotlinked password in, even though password is blocked, and you show them completely different page without actually having the nasty window to re-try the password popup for 3 times, and then getting the 403 page.

This way you get all the traffic in for free, and you can send it out anywhere you want.

check it out: http://www.passtrojan.com

GotGauge · 01-30-2002, 11:49 AM

What OS are you on?
If you run NT Win2K
I like DAF.
Wont stop people from cracking them, but
it only lets 1 user per username/password

spacedog · 01-30-2002, 11:54 AM

Try PassHack Killer

pr0 · 01-30-2002, 11:58 AM

Quote:

Originally posted by $tandaman
We just released version 2.0 of passtrojan, you can check it out.
The beauty of it, it let's people who got the hotlinked password in, even though password is blocked, and you show them completely different page without actually having the nasty window to re-try the password popup for 3 times, and then getting the 403 page.

This way you get all the traffic in for free, and you can send it out anywhere you want.

check it out: http://www.passtrojan.com

This is what crackers call "spitting fakes" & that protection works decent. (For most newbie kids)

If you wanna learn more about how they get in, & how to keep em out, i suggest you do battle with them in the trench's so to speak.

Only way to learn how to stop them is to see it first hand.

Heres a hint "Dalnet" "IRC" "#hackedxxxpasswords"

By the way....heres some names you may want to look at on the search engines

"Golden Eye"
"Brutus"
"Aries"

You find out how the fuckers are crackin at ya.....you'll find out how to stop em.

I also like the Aussie Rebel Beat down idea

Sleepy · 01-30-2002, 12:02 PM

Quote:

Originally posted by $tandaman
We just released version 2.0 of passtrojan, you can check it out.
The beauty of it, it let's people who got the hotlinked password in, even though password is blocked, and you show them completely different page without actually having the nasty window to re-try the password popup for 3 times, and then getting the 403 page.

This way you get all the traffic in for free, and you can send it out anywhere you want.

check it out: http://www.passtrojan.com

How do you get around the problem with the proxy servers ? I already have 403 redirection and my current program is written in C so it barely uses any resources. Stopping the shared passwords is easy, the problem is stopping them from being stolen from legit members.

pr0 · 01-30-2002, 12:05 PM

Heres one of your little friends.....

Sleepy · 01-30-2002, 12:05 PM

Quote:

Originally posted by pr0

Heres a hint "Dalnet" "IRC" "#hackedxxxpasswords"
By the way....heres some names you may want to look at on the search engines
"Golden Eye"
"Brutus"
"Aries"
You find out how the fuckers are crackin at ya.....you'll find out how to stop em.
I also like the Aussie Rebel Beat down idea

Deny.de is another good place..
I know what they are doing and how, but I dont know how to stop them. Its the friggin proxy servers that are the problem. Sometimes they even use AOL proxy servers and you sure cant block those..

pr0 · 01-30-2002, 12:10 PM

no....the aol & large isp ones, you really cannot stop.

however the foregin open port 8080,80 etc. you can stop ..but you would have to ping every visitor that came to your site.

So basically your fucked unless your friends with the crackers ; )

I suggest you hire AUssie Rebel to take out the trash =)

pr0 · 01-30-2002, 12:11 PM

FYI - deny.de is no longer

^R3K^ · 01-30-2002, 12:16 PM

i had a long paragraph here, but i gave up on it because no matter what i say people are going to do the opposite

^R3K^ · 01-30-2002, 12:18 PM

Quote:

Originally posted by pr0
So basically your fucked unless your friends with the crackers ; )

you making my ass pucker with this shit

Sleepy · 01-30-2002, 12:19 PM

Quote:

Originally posted by ^R3K^
i had a long paragraph here, but i gave up on it because no matter what i say people are going to do the opposite

Id like to hear what you have to say. Im listening.

Sleepy · 01-30-2002, 12:22 PM

Quote:

Originally posted by pr0
FYI - deny.de is no longer

Im in the site - they lowbrow the hacking stuff but its all there.

pr0 · 01-30-2002, 12:24 PM

Ahhhhh ok the other day it was going to security.de or sum shit.

Guess they got it back up ; )

kmanrox · 01-30-2002, 12:26 PM

LoL i invented this technology for porn sites in 1995 thru CyberErotica...

erotictrance · 01-30-2002, 12:39 PM

BTW Sleepy ... terrific thread ... thank you very much ...

Very informative ...

Keev · 01-30-2002, 12:43 PM

Talk to Oliver Klozov he has some good shit on the way

Sleepy · 01-30-2002, 12:50 PM

Quote:

Originally posted by erotictrance
BTW Sleepy ... terrific thread ... thank you very much ...

Very informative ...

Thanks I guess :D I dont feel informative but .. I guess it is really :D

erotictrance · 01-30-2002, 01:13 PM

Well Sleepy, I don't really know this tech stuff very well ... so excuse my ignorance ...

But I am trying to learn ... so I am grateful for this thread ...

And what I continually hear is that any off the shelf password protect program does tend to get hacked eventually ... obviously because a lot of webmasters use it ... and the hackers get a lot of mileage out of it ...

The only real solution that I can see is to develop your own proprietary stuff ...

But that's bad news for someone like me who doesn't have the means or expertise to do so ...

Sleepy · 01-30-2002, 02:18 PM

Quote:

Originally posted by erotictrance
Well Sleepy, I don't really know this tech stuff very well ... so excuse my ignorance ...

Im not teasing you. Im looking for info. Im not 'too informative' today wasnt meant to insult you or anything. Once a year I have to catch up on the latest hacks and today is that day.

erotictrance · 01-30-2002, 03:12 PM

Oh ... I wasn't feeling insulted at all Sleepy ...

I am, in fact, ignorant on a lot of this stuff ... LOL. I was just stating the truth about myself ... not responding to you in that regard ...

If you do come up with some solution to all of this though ... I'm all ears ...

erotictrance · 01-30-2002, 03:14 PM

Quote:

Originally posted by ^R3K^
i had a long paragraph here, but i gave up on it because no matter what i say people are going to do the opposite

I'm listening too ... BTW

IntheBlue · 01-30-2002, 03:21 PM

Sleepy,

If you want to block 95% of the button pushers, make your login a form based login like globill. You will notice a dramatic decrease.

Note: let's see if my signature is wack.

leverage7 · 06-18-2002, 12:35 PM

Ovelo Sentry, www.ovelo.com, doesn't require root like Pennywize so there isn't a security breach!

01-30-2002, 07:30 AM	#1
Sleepy Confirmed User Join Date: Nov 2001 Location: Porn Peddler Posts: 679	Password Software Anyone want to recommend some password software ? We use Iprotect and a few other little tricks but we are hit so many fucking times per day its like pissing in the wind. We block each password hacking attempt after 5 guesses but these hackers use proxy servers. So, if they have 5 guesses per proxy and a list of 10,000 proxies they still get 50,000 shots at cracking a password. We own a copy of the source to Iprotect and Im considering having our programmer rewrite it so its more efficient. I figure if someone already wrote a program that can do the job I might as well buy it. Our prgrammer writes in C, php, java and can do anything but password protection is a learning curve for him. Of course its never good to experiment when it comes to passwords and memberships so Im saving that as plan "B". Thanks !

01-30-2002, 08:16 AM	#3
heymatty Confirmed User Join Date: Oct 2001 Location: Scottsdale :) Posts: 2,188	save yourself the hassle and buy pennywize, at pennywize.com. Its only $30 a month (for the least number of logins per day) and it works fine. __________________ Cashlantis ~ Black Book Cash

01-30-2002, 10:30 AM	#6
$tandaman Pimping 8EZ Industry Role: Join Date: Jun 2001 Location: New Jersey Posts: 3,530	We just released version 2.0 of passtrojan, you can check it out. The beauty of it, it let's people who got the hotlinked password in, even though password is blocked, and you show them completely different page without actually having the nasty window to re-try the password popup for 3 times, and then getting the 403 page. This way you get all the traffic in for free, and you can send it out anywhere you want. check it out: http://www.passtrojan.com __________________ CentroProfits.com - Make money with 3000+ Models! ModelCentro.com - Multiple award winning hosted CMS designed to run solo model sites, with affiliate program built in. Launch your model site in 24 hrs or less! FanCentro.com - Premium social network for SWs & Fans!

01-30-2002, 11:49 AM	#7
GotGauge Confirmed User Join Date: Nov 2001 Location: USA Posts: 3,072	What OS are you on? If you run NT Win2K I like DAF. Wont stop people from cracking them, but it only lets 1 user per username/password __________________ ICQ 22264474 [email protected]

01-30-2002, 12:16 PM	#15
^R3K^ Confirmed User Join Date: Sep 2001 Location: North Carolina Posts: 2,815	i had a long paragraph here, but i gave up on it because no matter what i say people are going to do the opposite __________________ no business like ho business Http://www.natnet.com No Hype, Just Results

01-30-2002, 08:15 AM	#2
pr0 rockin tha trailerpark Industry Role: Join Date: May 2001 Location: ~Coastal~ Posts: 23,088	you wont be able to stop em....dont bother. the only real solution is a script like pennywise but thats pissing in the wind as well...... I suggest making the users choose 8+ character passes. Also...if you would like to inquire in some professional protection, let me know....i got some hookups

01-30-2002, 08:41 AM	#4
Sleepy Confirmed User Join Date: Nov 2001 Location: Porn Peddler Posts: 679	Pennywize pipes your logs off to another server, then analyzes them, then writes back your server to tell it to block a hacker. By the time that happens theres a good chance your server isnt responding anymore. I also had my programmer look at their software and ( at the time ) he told me when it switches to 'root' theres a large securtiy hazard. I also dont like the fact that the owner of Pennywize has obvious ties with his own adult programs and has acess to my logs. I havent looked at pennywize in a long time but I dont think its basic operation has changed. It worked great for me 5 years ago with 200 members but it didnt work so good with 15,000 members and a half million hack attempts per day. For a small site I recommend Pennywize but it couldnt take the stress on my sites. Any program where my server has to send info to another server just aint working for me.

01-30-2002, 11:54 AM	#8
spacedog Yes that IS me. Bitch. Industry Role: Join Date: Nov 2001 Posts: 14,149	Try PassHack Killer

01-30-2002, 12:05 PM	#11
pr0 rockin tha trailerpark Industry Role: Join Date: May 2001 Location: ~Coastal~ Posts: 23,088	Heres one of your little friends.....

01-30-2002, 12:10 PM	#13
pr0 rockin tha trailerpark Industry Role: Join Date: May 2001 Location: ~Coastal~ Posts: 23,088	no....the aol & large isp ones, you really cannot stop. however the foregin open port 8080,80 etc. you can stop ..but you would have to ping every visitor that came to your site. So basically your fucked unless your friends with the crackers ; ) I suggest you hire AUssie Rebel to take out the trash =)

01-30-2002, 12:11 PM	#14
pr0 rockin tha trailerpark Industry Role: Join Date: May 2001 Location: ~Coastal~ Posts: 23,088	FYI - deny.de is no longer

01-30-2002, 12:24 PM	#19
pr0 rockin tha trailerpark Industry Role: Join Date: May 2001 Location: ~Coastal~ Posts: 23,088	Ahhhhh ok the other day it was going to security.de or sum shit. Guess they got it back up ; )

01-30-2002, 12:26 PM	#20
kmanrox aka K-Man Industry Role: Join Date: Oct 2001 Location: The Gutter Posts: 29,295	LoL i invented this technology for porn sites in 1995 thru CyberErotica... __________________ Crypto HODLr Crypto mining Angel investor

01-30-2002, 12:39 PM	#21
erotictrance Confirmed User Join Date: Nov 2001 Location: Southern California Posts: 328	BTW Sleepy ... terrific thread ... thank you very much ... Very informative ... __________________ erotictrance

01-30-2002, 12:43 PM	#22
Keev Confirmed User Join Date: May 2001 Posts: 5,335	Talk to Oliver Klozov he has some good shit on the way __________________ ReliableServers.com - NO REF LINK!

01-30-2002, 01:13 PM	#24
erotictrance Confirmed User Join Date: Nov 2001 Location: Southern California Posts: 328	Well Sleepy, I don't really know this tech stuff very well ... so excuse my ignorance ... But I am trying to learn ... so I am grateful for this thread ... And what I continually hear is that any off the shelf password protect program does tend to get hacked eventually ... obviously because a lot of webmasters use it ... and the hackers get a lot of mileage out of it ... The only real solution that I can see is to develop your own proprietary stuff ... But that's bad news for someone like me who doesn't have the means or expertise to do so ... __________________ erotictrance Last edited by erotictrance; 01-30-2002 at 01:28 PM..

01-30-2002, 03:12 PM	#26
erotictrance Confirmed User Join Date: Nov 2001 Location: Southern California Posts: 328	Oh ... I wasn't feeling insulted at all Sleepy ... I am, in fact, ignorant on a lot of this stuff ... LOL. I was just stating the truth about myself ... not responding to you in that regard ... If you do come up with some solution to all of this though ... I'm all ears ... __________________ erotictrance

01-30-2002, 03:21 PM	#28
IntheBlue Registered User Industry Role: Join Date: Aug 2001 Location: Arkansas Posts: 70	Sleepy, If you want to block 95% of the button pushers, make your login a form based login like globill. You will notice a dramatic decrease. Note: let's see if my signature is wack.

06-18-2002, 12:35 PM	#29
leverage7 Registered User Join Date: Jun 2002 Posts: 9	Ovelo Sentry, www.ovelo.com, doesn't require root like Pennywize so there isn't a security breach!