Welcome to the GoFuckYourself.com - Adult Webmaster Forum forums.

Old 08-05-2005, 08:22 PM   #1
MikeSmoke
Confirmed User
 
Join Date: Nov 2002
Location: SoCal
Posts: 3,241
Anyone who uses pennywize...

have you noticed anything odd over the last week? I'm getting tons of un/pw combos disabled, including ones that belong to friends who I *know* haven't been trading...and can't see anything unusual on the servers as far as traffic or referrers are concerned...
__________________

icq: 541-739-92
Old 08-05-2005, 08:24 PM   #2
TheDoc
Too lazy to set a custom title
 
 
Industry Role:
Join Date: Jul 2001
Location: Currently Incognito
Posts: 13,827
That is because PW traders know EXACTLY how to beat pennywize. It DOES NOT protect your members area.
__________________
~TheDoc - ICQ7765825
It's all disambiguation
Old 08-05-2005, 09:27 PM   #3
Gateway69
Confirmed User
 
 
Join Date: Jul 2002
Posts: 1,510
proxypass is the way to go.. works like a charm and has saved us sooo much bw
__________________
Gateway - Tech Guru
Dreaming Computers IG
Old 08-05-2005, 09:29 PM   #4
TheDoc
Too lazy to set a custom title
 
 
Industry Role:
Join Date: Jul 2001
Location: Currently Incognito
Posts: 13,827
proxypass is much better than pennywize, strongbox owns them both..

Even PP won't stop pw traders, anything under your set limit will get in, they rotate pw's to stay under those limits and they can still hammer brute force attack.
__________________
~TheDoc - ICQ7765825
It's all disambiguation
Old 08-05-2005, 10:29 PM   #5
Gateway69
Confirmed User
 
 
Join Date: Jul 2002
Posts: 1,510
u can set the limit in PP to what ever u feel comfortable with.
__________________
Gateway - Tech Guru
Dreaming Computers IG
Old 08-06-2005, 12:13 AM   #6
ninavain
So Fucking Banned
 
Industry Role:
Join Date: Jan 2004
Location: Las Vegas
Posts: 6,268
Quote:
Originally Posted by TheDoc
That is because PW traders know EXACTLY how to beat pennywize. It DOES NOT protect your members area.
pennywize is a joke..dropped them for strongbox..but they have issues too
Old 08-06-2005, 12:19 AM   #7
AdultMegaCash
Confirmed User
 
Join Date: Aug 2004
Posts: 1,017
Yes having the same issue, but we have other custom securities in place.
Old 08-06-2005, 12:32 AM   #8
SGS
Confirmed User
 
 
Industry Role:
Join Date: Dec 2002
Location: Mallorca - Nottingham
Posts: 5,176
Quote:
Originally Posted by ninavain
pennywize is a joke..dropped them for strongbox..but they have issues too
What issues does Strongbox have?
__________________
See sig...
Old 08-06-2005, 12:51 AM   #9
MikeSmoke
Confirmed User
 
Join Date: Nov 2002
Location: SoCal
Posts: 3,241
Quote:
Originally Posted by AdultMegaCash
Yes having the same issue, but we have other custom securities in place.
thanks, glad to hear it's not just me.

(and thanks for the other posts, but i know the various pros and cons of the different systems - my sites are not the usual ones that have "professional" hackers, i only have to worry about amateurs who trade passwords among themselves.)
__________________

icq: 541-739-92
Old 08-06-2005, 03:24 AM   #10
venus
Confirmed User
 
 
Industry Role:
Join Date: Jan 2003
Location: Phoenix, Az
Posts: 3,112
I have been using password sentry for several years, no problems with it.
__________________
Muscle/Fitness Adult Affiliate Program
Since 1997 www.venuscash.com
Old 08-06-2005, 10:30 AM   #11
Gateway69
Confirmed User
 
 
Join Date: Jul 2002
Posts: 1,510
dont get me started on password sentry. that thing never worked well for any of our sites.. u should really switch to proxy or strong u will prob see a huge drop in bw usages,
__________________
Gateway - Tech Guru
Dreaming Computers IG
Old 08-06-2005, 12:29 PM   #12
SGS
Confirmed User
 
 
Industry Role:
Join Date: Dec 2002
Location: Mallorca - Nottingham
Posts: 5,176
Quote:
Originally Posted by Gateway69
dont get me started on password sentry. that thing never worked well for any of our sites.. u should really switch to proxy or strong u will prob see a huge drop in bw usages,
The only problem with Strongbox is running it on large load balanced server setups.
__________________
See sig...
Old 08-06-2005, 12:47 PM   #13
Hunter_ST
Confirmed User
 
 
Join Date: Feb 2003
Location: Getting messy...
Posts: 763
I love how one person says they've been using "X" forever, and then another person says "x" sucks, you should use "Y".

You'd think there would be some kind of agreement on the best password protection?

Anyone else have any real-world experience with a pw protection system that works?
__________________

Splosh Cash Wet and Messy Fetish Program
I hate to advocate drugs, alcohol, violence, or insanity to anyone, but they've always worked for me.
Old 08-06-2005, 12:53 PM   #14
SGS
Confirmed User
 
 
Industry Role:
Join Date: Dec 2002
Location: Mallorca - Nottingham
Posts: 5,176
Quote:
Originally Posted by Hunter_ST
I love how one person says they've been using "X" forever, and then another person says "x" sucks, you should use "Y".

You'd think there would be some kind of agreement on the best password protection?

Anyone else have any real-world experience with a pw protection system that works?
We have run most of them and are still running several different systems still now for various reasons on different sites but Strongbox is the best available at the moment by miles.
__________________
See sig...
Old 08-06-2005, 12:56 PM   #15
seven
Confirmed User
 
Join Date: Apr 2002
Location: LaLa Land
Posts: 2,697
Quote:
Originally Posted by SGS
What issues does Strongbox have?
same q for you here.. would like to know about the issues you got
__________________
Toy Rev
Rouge Web Design
Old 08-06-2005, 01:11 PM   #16
emmanuelle
Confirmed User
 
 
Join Date: Mar 2003
Location: Oh Canada!
Posts: 3,662
Mike hit me up on icq (64614011) I might be able to help you ;-)
Old 08-06-2005, 01:32 PM   #17
SGS
Confirmed User
 
 
Industry Role:
Join Date: Dec 2002
Location: Mallorca - Nottingham
Posts: 5,176
Quote:
Originally Posted by seven
same q for you here.. would like to know about the issues you got
Apart from issues with load balanced servers I am not aware of any problems at all.
__________________
See sig...
Old 08-06-2005, 01:56 PM   #18
latinasojourn
Confirmed User
 
Join Date: Oct 2003
Posts: 3,191
Quote:
Originally Posted by Gateway69
proxypass is the way to go.. works like a charm and has saved us sooo much bw
yes, years ago used pennywize. always had probs.

last couple years on proxypass, no probs.

and antihotlinking.com for movie protection.
Old 08-06-2005, 01:57 PM   #19
latinasojourn
Confirmed User
 
Join Date: Oct 2003
Posts: 3,191
and i will say this also.

if you are on ccbill upgrade to their new security.

tedious to do, but bulletproof so far.
Old 08-09-2005, 10:43 PM   #20
PbG
Confirmed User
 
Join Date: May 2003
Posts: 1,025
I often wondered about this ... never been able to get this info from Ray. The only customer we have using it doesn't do enough traffic to hit our radar.

Quote:
Originally Posted by SGS
The only problem with Strongbox is running it on large load balanced server setups.
Old 08-09-2005, 10:51 PM   #21
V_RocKs
Damn Right I Kiss Ass!
 
Industry Role:
Join Date: Dec 2003
Location: Cowtown, USA
Posts: 32,428
Pennywize is not your problem. If your friends' passwords are getting used then this has nothing to do with password protection scripts at all. This has to do with someone obtaining either your password file or database info where user and password are stored. To say it plainly, you've been hacked and now they have all of your passwords.
Old 08-09-2005, 10:55 PM   #22
Jace
FBOP Class Of 2013
 
Industry Role:
Join Date: Jan 2004
Location: bumfuck, ky
Posts: 35,562
i have been using iprotect for years now with not one bit of trouble ever
Old 08-09-2005, 11:05 PM   #23
TheDoc
Too lazy to set a custom title
 
 
Industry Role:
Join Date: Jul 2001
Location: Currently Incognito
Posts: 13,827
Quote:
Originally Posted by V_RocKs
Pennywize is not your problem. If your friends' passwords are getting used then this has nothing to do with password protection scripts at all. This has to do with someone obtaining either your password file or database info where user and password are stored. To say it plainly, you've been hacked and now they have all of your passwords.
Pennywize doesn't stop brute force attacks, it doesn't even slow them down. Proxypass is better but it still won't stop attacks. Even strongbox has minor issues with attacks.. If you use htauth, you will get leaks, period, it has NOTHING to do with being hacked or someone getting your pw file, it has EVERYTHING to do with brute force attacks.

BTW.. Proxypass offers form protection now from what I understand, or secret word protection, something like that. That would make it as strong as strongbox..

The strongest solution right now is strongbox, hands down. From what I understand someone has strongbox running on a load balancer.
__________________
~TheDoc - ICQ7765825
It's all disambiguation

Last edited by TheDoc; 08-09-2005 at 11:08 PM..
Old 08-09-2005, 11:15 PM   #24
V_RocKs
Damn Right I Kiss Ass!
 
Industry Role:
Join Date: Dec 2003
Location: Cowtown, USA
Posts: 32,428
Quote:
Originally Posted by TheDoc
Pennywize doesn't stop brute force attacks, it doesn't even slow them down. Proxypass is better but it still won't stop attacks. Even strongbox has minor issues with attacks.. If you use htauth, you will get leaks, period, it has NOTHING to do with being hacked or someone getting your pw file, it has EVERYTHING to do with brute force attacks.

BTW.. Proxypass offers form protection now from what I understand, or secret word protection, something like that. That would make it as strong as strongbox..

The strongest solution right now is strongbox, hands down. From what I understand someone has strongbox running on a load balancer.

He stated that his friends' own personal accounts were hacked. That means this isn't a cracker bruteforcing, it is a hacker who stole the password file.
Old 08-09-2005, 11:25 PM   #25
TheDoc
Too lazy to set a custom title
 
 
Industry Role:
Join Date: Jul 2001
Location: Currently Incognito
Posts: 13,827
Quote:
Originally Posted by V_RocKs
He stated that his friends' own personal accounts were hacked. That means this isn't a cracker bruteforcing, it is a hacker who stole the password file.

Hehe, yeah, personal accounts can be brute force attacked, without much of a problem.. Even more so when you guess a username on pennywize, and it tells you if it's active or not even if the pw is wrong. So then they just need to hammer the username for the pw combo..

Not hard when they have a million word dictionary files.
__________________
~TheDoc - ICQ7765825
It's all disambiguation
Old 08-10-2005, 02:42 AM   #26
V_RocKs
Damn Right I Kiss Ass!
 
Industry Role:
Join Date: Dec 2003
Location: Cowtown, USA
Posts: 32,428
Quote:
Originally Posted by TheDoc
Hehe, yeah, personal accounts can be brute force attacked, without much of a problem.. Even more so when you guess a username on pennywize, and it tells you if it's active or not even if the pw is wrong. So then they just need to hammer the username for the pw combo..

Not hard when they have a million word dictionary files.
Actually it is very hard and you possibly have never tried it.

#1 If the word isn't in the dictionary it can't be bruteforced since it isn't ever tried (it is not in the list).
#2 With a 3mb connection the best you will be able to do is about 80,000 an hour. If you DID try it that many times an hour, your list of 2000 proxies would begin to be blocked in about 20 minutes or so. At this speed it would take 12.5 hours to try 1,000,000 passwords... and that is per user...

Cracking websites is like stealing cars. If you can spend another 10 minutes to find one without a tracking system, steering wheel locking system or alarm, it is worth it to avoid 4 years in prison. If you can find a website that uses basic authentication and has a large pool of users it is better than a form based login to a site with 200. But if you know how to disable alarms and tracking systems it is like being able to just steal the password file. It is easier than spending 12.5 hours PER USERNAME....

If he had MULTIPLE users with VIP passes, then he was hacked.
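The thread's disagreement (guessed passwords versus a stolen password file) can be checked against the web server's own access log. The sketch below is an added example, not code from any poster or from the products named; the log lines are constructed, and the function names, verdict labels and thresholds are assumptions to tune per site.

```python
import re
from collections import defaultdict

def _line(ip, user, status):
    # Constructed sample entry in Apache common log format.
    return f'{ip} - {user} [05/Aug/2005:20:00:00 -0700] "GET /members/ HTTP/1.1" {status} 512'

SAMPLE_LOG = "\n".join(
    [_line(f"198.51.100.{i}", "bob", 401) for i in range(1, 8)]      # 7 failures ...
    + [_line("198.51.100.9", "bob", 200)]                             # ... then a hit
    + [_line(f"203.0.113.{i}", u, 200) for u in ("carol", "dave") for i in range(1, 5)]
    + [_line("192.0.2.10", "erin", 401), _line("192.0.2.10", "erin", 200)]  # one typo
)

LINE = re.compile(r'^(\S+) \S+ (\S+) \[[^\]]+\] "[^"]*" (\d{3}) ')

def classify(log_text, fail_limit=5, ip_limit=3):
    """Map each basic-auth username to a verdict (thresholds are assumptions)."""
    fails = defaultdict(int)       # 401 count per username
    ok_ips = defaultdict(set)      # source IPs of successful logins
    fails_before_ok = {}           # failures seen before the first success
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m or m.group(2) == "-":   # "-" means no credentials were sent
            continue
        ip, user, status = m.groups()
        if status == "401":
            fails[user] += 1
        elif status == "200":
            fails_before_ok.setdefault(user, fails[user])
            ok_ips[user].add(ip)
    verdicts = {}
    for user in set(fails) | set(ok_ips):
        if user not in ok_ips:
            verdicts[user] = "guessing" if fails[user] >= fail_limit else "normal"
        elif fails_before_ok[user] >= fail_limit:
            verdicts[user] = "guessed"                # failure run, then success
        elif len(ok_ips[user]) >= ip_limit:
            verdicts[user] = "clean-logins-many-ips"  # shared or leaked, not guessed
        else:
            verdicts[user] = "normal"
    return verdicts

def store_compromise_suspected(verdicts, min_accounts=2):
    # Several accounts in use from many IPs with no failed attempts beforehand
    # fits a leaked credential store better than per-account guessing.
    return sum(v == "clean-logins-many-ips" for v in verdicts.values()) >= min_accounts
```

A single "clean-logins-many-ips" account is also what ordinary password sharing looks like; the signal worth escalating is several such accounts at once, including owners known not to share.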