What do you think about password forums? im guessing they effect your buisness?

[mrwilson]

I see in another topic, some one ranting about megarotic saying that its killing the industry..
But what about password forums?
There are plenty of them about, some with thousands of members...
There must be something that can be done about these type of sites/forums?

People there seem to be using bruteforce tools to get login details to pay-to-view sites and posting them to the public free!

[Nails]

no more then torrent sites do

[Blue Player]

Password forums are funny. I have a spam program that just fills them up with fake user and passwords and then redirect the traffic to a fake members area with an upsell.

[raymor]

This has of course been our area of study for many years and indeed we see that
for many sites a significant percentage of their traffic is non-paying traffic from password
sites, forums, and IRC channels. I think the more damaging part is still the load and cost
generated in acute cases where a site's passwords get posted to several popular trading
sites at once, generating huge amounts of traffic all of the sudden. That can essentially
shut down a site due to the load and is the real reason we were forced to create Strongbox
in an effort to protect our servers. Fortunately, the bad guys haven't advanced their
technology all that much over the last several years, since they effectively defeated
IP counters several years ago. That means that modern protection systems like
Strongbox can pretty much protect you. However, the bad guys are working on some
new terchniques and we expect that their OCR systems will be truly effective relatively
soon, so the industry does need to stay a step ahead and to that end we're developing our
own new technologies like the biometric indicators in the next version of Strongbox
which you may get a preview of quite soon on a couple of the largest sites in industry.

[donkevlar]

I don't know much about password sites, but I do know a lot of my friends seem to know the member's area of every site I write a review for inside and out...

And they definitely have never and never will spend a dime on porn.

On the other hand, the good sites get really popular. Every guy in the world knows what Kate's Playground is. My non-industry friends are obsessed with Jordan Capri and Ariel Rebel... still they'll never pay for their websites. Tis time to use this fame, give the porn away, and sell them something else.

The same thing is happening to the music industry. People have access to everything for free so you have to actually be QUALITY now to stand out.

[commonsense]

Quote:

Originally Posted by mrwilson

I see in another topic, some one ranting about megarotic saying that its killing the industry..
But what about password forums?
There are plenty of them about, some with thousands of members...
There must be something that can be done about these type of sites/forums?

People there seem to be using bruteforce tools to get login details to pay-to-view sites and posting them to the public free!

A simple $80-$100 script can protect a members area from password trading. Torrent sites are 1000x worse and there are a few torrent owners right here on GFY.

[mrwilson]

Quote:

Originally Posted by Blue Player

Password forums are funny. I have a spam program that just fills them up with fake user and passwords and then redirect the traffic to a fake members area with an upsell.

That i guess sounds like a worthwhile program.
especially if its really effective and works with forums that dont allow hotlinking to the pay site.

@ Raymor, there are several bruteforce tools that can bruteforce the ocr logins too.

As for account sharing being detected by multiple ip's, they also use a proxy so users can join using that same proxy ip so it dont give multiple ip's in the logs.

Is there not a way for pay site webmasters/owners to only allow access to
the members area if the ip matches the original one which was used up on sign up?
Or maybe by location, like the "city" if this is possible? (im not a programmer so i wouldnt know)
This alone, if possible, would limit the ammount of people using the hacked accounts would'nt it?

Sorry in advance if i dont make sense above, i am still learning myself!

[raymor]

> Raymor, there are several bruteforce tools that can bruteforce the ocr logins too

There are several that TRY. Let me know if you find any that actually work reliably.

[mrwilson]

cyberw@per - rare tool but apprently very very good ill try and get ahold of it

[gmr324]

Cracking Rampage is another OCR tool hackers are
working with these days. It's a cat-and-mouse game where its imperative to stay abreast of their technology in order to stay a step ahead of the hackers.

Quote:

As for account sharing being detected by
multiple ip's, they also use a proxy so users can join
using that same proxy ip so it dont give multiple ip's
in the logs.

Leechers who subscribe to the password forums are
lazy by nature. Even though the hackers publish proxies
used to discover working stolen passes, its very rare
for the leechers to be disciplined enough to apply the
proxies in their browser before rushing to try out
the stolen passes thereby limiting their lifetime.

Quote:

Is there not a way for pay site webmasters/owners to only allow access
to the members area if the ip matches
the original one which was used up on
sign up? Or maybe by location, like
the "city" if this is possible? (im not a
programmer so i wouldnt know) This
alone, if possible, would limit the
ammount of people using the hacked
accounts would'nt it?

Mr Wilson, you just described how Phantom Frog's
Geo-IP Tracking Password Abue Detection works!!!

Our Hi-Resolution Geo-IP Tracking offers the most
accurate password abuse detection available anywhere. It tracks all visits to the members
area of a site down to the city level. Furthermore,
it takes latitudal and longitudal data into consideration. Therefore, Frog detects the fact
that the same password was used in L.A. and NYC. We pinpoint the abuse instantly, allowing for the possibility of legitimate travel. That level of resolution unique to Phantom Frog.

Our system is based upon the premise of providing
24/7 uninterrupted access to the legitimate members while blocking out the leechers. This is accomplished automatically through our unique Automated Member Support (AMS) feature.
AMS re-issues a new password directly to the affected members. This strategy breaks
the cycle of password abuse and frees up the
webmasters to do more important work.

Please check out one of our latest press releases at:

http://www.gfy.com/showthread.php?p=...2#post12156662

Our product is integrated with CCBill, NetBilling,
Paycom, NATS, MPA3, Verotel, 2000Charge, SegPay,
Jettis, and 365Billing. Phantom Frog has a simple
FREE Trial Version which installs by adding one html
tag. In fact, we recommend that you leave ProxyPass or Pennywize activated during our
Trial to witness first-hand all the abuse being
missed by them!

Most of customers were motivated to purchase our
password protection only 3 days after installing the
Free Trial! We also offer Automated Member Support, Brute Force Attack Protection, and Bandwidth Abuse
Protection.

Phantom Frog has stellar webmaster testimonials which are listed on our site. A high percentage of our clients are ex-ProxyPass/Pennywize clients.
A casual scan of our webmaster testimonials page will reveal how unaware they were of the password abuse which was being allowed and overlooked by their current protection system.

Please feel free to contact me with any questions or feedback.

Visit out site to learn more: http://www.PhantomFrog.com/g

Visit this link to try our FREE demo: http://phantomfrog.com/g?ft=1

Thanks

George

[email protected]
ICQ: 226948212

[mrwilson]

Looks very impressive, cant beleave i have not heard of or seen this about before!

It's certainly a site i have bookmarked for future refference!

[Iron Fist]

Strongbox is good for protecting the members area with fake logins. Multiple IPs on the same account - lock the account down. Simple and effective.

But... what about once the member is in the members area? Downloaders are easily available. I can have your entire site ripped in 15 minutes, pics and movies, and literally mirrored on my drive.

There is one thing though that MayorsMoneys sites use which kills downloaders - it generates unique URLs when displaying pics, the downloader doesn't know how to handle it since every image displays on a HTML page. I know every program owner loves the rebill, but you seriously expect rebills when I can trial your site and have the entire thing downloaded in 15-30 mins? The cause of all this stuff is lazy webmasters.

[fris]

i run a password forum

[raymor]

Quote:

Originally Posted by sharphead

Strongbox is good for protecting the members area with fake logins. Multiple IPs on the same account - lock the account down. Simple and effective.

But... what about once the member is in the members area? Downloaders are easily available. I can have your entire site ripped in 15 minutes, pics and movies, and literally mirrored on my drive.
...

Although Strongbox is focused on securing your passwords from trading and dictionary
attacks, it also includes two forms of simple defense against site ripping. These two
features make it harder to rip a site. For the ultimate defense against site ripping, there
is the new Throttlebox intelligent bandwidth control, which can use some fairly
sophisticated rules to control how much someone can download in a particular time frame.