Yes, let's blame the operating system because the programmer was too stupid to work around any security holes.

I guess I am going to have to stop lurking so I can post on this issue. ;-)

In trying to account for all possible sign-up scenarios, CCBill determined
that is was important to "reserve" a username once it was entered, but prior
to confirmation. This was done to prevent multiple sign-ups with the same
user name occurring simultaneously. This feature was "added" to the new
custom forms only. This did not affect any client using our older sign-up
systems.

Unfortunately, as we were upgrading another portion of our systems last
night, this feature began to insert the customer supplied username and
password into the database. As a fail safe, we have always had a cron
running every 30 - 60 minutes to eliminate or update username and password
data, and therefore, consumers who discovered this error were only able to
gain access for a limited period of time. This error is currently being
fixed.

Again, we would like to stress that only clients utilizing our new custom
form system may have been affected and, even in that case, it should only be
those who utilize confirmation pages. If any client affected by this issue
needs to speak to me directly, please contact me here at CCBill

Sean Eggert
CCBill Account Rep.
888-906-0666 ext. 158
84769138 icq

It only takes me 30-60 seconds to whack off;)

look this...
http://ccbillcrash.clickmyporn.com/


don't kill me it's not spam

:ak47: :pimp

Uh, oh! :waaaaahh

:)

The system has been updated, and the problem is now fixed.

Again, anyone that would like to contact me directly please feel free to call or icq.

888 906 0666 ext. 158

84769138 icq

Thanks!

Confirmed.... I have CCBill custom forms, and it does not work on mine. However, I did get an email a few days ago from a guy who tried to sign up and said his password only worked for 45 min or so. He never did actually sign up until yesterday, so it must have been the case until they now fixed it. Thanks CCBill!, and thanks to ATX_Soldier for posting this.

It don't be do workin on mine

If you want to do yourself a favor remove the confirmation screen regardless and use the ccbill user/pass generator. They dont get the user/pass until they have been charged and they cant pick stupid usernames like "qwerty" or "asdfg".

I know some other webmasters probably wonder if the random user/pass generator bothers members - the answer for me has been "no" they do not. In fact, nobody has ever complained once and password theft is mostly a dead issue for us now.

Sean's a Pimp.... :pimp

...congrats on making the cover of Klixxx! Looking forward to partying in August :winkwink:

Really you should dump the confirmation page entirely on the new join forms -- one less step for the surfer to go thru, most likely an increase in conversions for you...

Exactly right, one less chance for them to back out.

--------------------------------------------------------------------------
Sean's a Pimp....

...congrats on making the cover of Klixxx! Looking forward to partying in August

--------------------------------------------------------------------------

Thanks Brad, just trying to follow your lead as the King :Graucho
Can't wait to have a beer with you in FLA.! Say hello to Melissa...