Welcome to the GoFuckYourself.com - Adult Webmaster Forum forums.

You are currently viewing our boards as a guest which gives you limited access to view most discussions and access our other features. By joining our free community you will have access to post topics, communicate privately with other members (PM), respond to polls, upload content and access many other special features. Registration is fast, simple and absolutely free so please, join our community today!

If you have any problems with the registration process or your account login, please contact us.

Post New Thread Reply

Register GFY Rules Calendar
Go Back   GoFuckYourself.com - Adult Webmaster Forum > >
Discuss what's fucking going on, and which programs are best and worst. One-time "program" announcements from "established" webmasters are allowed.

 
Thread Tools
Old 08-02-2007, 09:09 AM   #1
mrwilson
mrwilson 2.0
 
Industry Role:
Join Date: Jul 2007
Location: ICQ: 465406783
Posts: 5,122
What do you think about password forums? im guessing they effect your buisness?

I see in another topic, some one ranting about megarotic saying that its killing the industry..
But what about password forums?
There are plenty of them about, some with thousands of members...
There must be something that can be done about these type of sites/forums?

People there seem to be using bruteforce tools to get login details to pay-to-view sites and posting them to the public free!
mrwilson is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 08-02-2007, 10:10 AM   #2
Nails
Confirmed User
 
Join Date: Jun 2007
Posts: 262
no more then torrent sites do
Nails is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 08-02-2007, 10:13 AM   #3
Blue Player
So Fucking Banned
 
Join Date: Jun 2007
Posts: 679
Password forums are funny. I have a spam program that just fills them up with fake user and passwords and then redirect the traffic to a fake members area with an upsell.
Blue Player is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 08-02-2007, 10:41 AM   #4
raymor
Confirmed User
 
Join Date: Oct 2002
Posts: 3,745
This has of course been our area of study for many years and indeed we see that
for many sites a significant percentage of their traffic is non-paying traffic from password
sites, forums, and IRC channels. I think the more damaging part is still the load and cost
generated in acute cases where a site's passwords get posted to several popular trading
sites at once, generating huge amounts of traffic all of the sudden. That can essentially
shut down a site due to the load and is the real reason we were forced to create Strongbox
in an effort to protect our servers. Fortunately, the bad guys haven't advanced their
technology all that much over the last several years, since they effectively defeated
IP counters several years ago. That means that modern protection systems like
Strongbox can pretty much protect you. However, the bad guys are working on some
new terchniques and we expect that their OCR systems will be truly effective relatively
soon, so the industry does need to stay a step ahead and to that end we're developing our
own new technologies like the biometric indicators in the next version of Strongbox
which you may get a preview of quite soon on a couple of the largest sites in industry.
__________________
For historical display only. This information is not current:
support@bettercgi.com ICQ 7208627
Strongbox - The next generation in site security
Throttlebox - The next generation in bandwidth control
Clonebox - Backup and disaster recovery on steroids
raymor is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 08-02-2007, 10:51 AM   #5
donkevlar
Confirmed User
 
donkevlar's Avatar
 
Join Date: Sep 2006
Posts: 4,325
I don't know much about password sites, but I do know a lot of my friends seem to know the member's area of every site I write a review for inside and out...

And they definitely have never and never will spend a dime on porn.

On the other hand, the good sites get really popular. Every guy in the world knows what Kate's Playground is. My non-industry friends are obsessed with Jordan Capri and Ariel Rebel... still they'll never pay for their websites. Tis time to use this fame, give the porn away, and sell them something else.

The same thing is happening to the music industry. People have access to everything for free so you have to actually be QUALITY now to stand out.
__________________
[email protected]
donkevlar is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 08-02-2007, 10:52 AM   #6
commonsense
So Fucking Banned
 
Join Date: Feb 2007
Posts: 1,790
Quote:
Originally Posted by mrwilson View Post
I see in another topic, some one ranting about megarotic saying that its killing the industry..
But what about password forums?
There are plenty of them about, some with thousands of members...
There must be something that can be done about these type of sites/forums?

People there seem to be using bruteforce tools to get login details to pay-to-view sites and posting them to the public free!
A simple $80-$100 script can protect a members area from password trading. Torrent sites are 1000x worse and there are a few torrent owners right here on GFY.
commonsense is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 08-02-2007, 12:08 PM   #7
mrwilson
mrwilson 2.0
 
Industry Role:
Join Date: Jul 2007
Location: ICQ: 465406783
Posts: 5,122
Quote:
Originally Posted by Blue Player View Post
Password forums are funny. I have a spam program that just fills them up with fake user and passwords and then redirect the traffic to a fake members area with an upsell.
That i guess sounds like a worthwhile program.
especially if its really effective and works with forums that dont allow hotlinking to the pay site.

@ Raymor, there are several bruteforce tools that can bruteforce the ocr logins too.

As for account sharing being detected by multiple ip's, they also use a proxy so users can join using that same proxy ip so it dont give multiple ip's in the logs.

Is there not a way for pay site webmasters/owners to only allow access to
the members area if the ip matches the original one which was used up on sign up?
Or maybe by location, like the "city" if this is possible? (im not a programmer so i wouldnt know)
This alone, if possible, would limit the ammount of people using the hacked accounts would'nt it?

Sorry in advance if i dont make sense above, i am still learning myself!
mrwilson is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 08-03-2007, 10:35 AM   #8
raymor
Confirmed User
 
Join Date: Oct 2002
Posts: 3,745
> Raymor, there are several bruteforce tools that can bruteforce the ocr logins too

There are several that TRY. Let me know if you find any that actually work reliably.
__________________
For historical display only. This information is not current:
support@bettercgi.com ICQ 7208627
Strongbox - The next generation in site security
Throttlebox - The next generation in bandwidth control
Clonebox - Backup and disaster recovery on steroids
raymor is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 08-03-2007, 02:02 PM   #9
mrwilson
mrwilson 2.0
 
Industry Role:
Join Date: Jul 2007
Location: ICQ: 465406783
Posts: 5,122
cyberw@per - rare tool but apprently very very good ill try and get ahold of it
mrwilson is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 08-03-2007, 03:05 PM   #10
gmr324
Confirmed User
 
Industry Role:
Join Date: Aug 2006
Posts: 1,199
Cracking Rampage is another OCR tool hackers are
working with these days. It's a cat-and-mouse game where its imperative to stay abreast of their technology in order to stay a step ahead of the hackers.

Quote:
As for account sharing being detected by
multiple ip's, they also use a proxy so users can join
using that same proxy ip so it dont give multiple ip's
in the logs.
Leechers who subscribe to the password forums are
lazy by nature. Even though the hackers publish proxies
used to discover working stolen passes, its very rare
for the leechers to be disciplined enough to apply the
proxies in their browser before rushing to try out
the stolen passes thereby limiting their lifetime.

Quote:
Is there not a way for pay site webmasters/owners to only allow access
to the members area if the ip matches
the original one which was used up on
sign up? Or maybe by location, like
the "city" if this is possible? (im not a
programmer so i wouldnt know) This
alone, if possible, would limit the
ammount of people using the hacked
accounts would'nt it?
Mr Wilson, you just described how Phantom Frog's
Geo-IP Tracking Password Abue Detection works!!!

Our Hi-Resolution Geo-IP Tracking offers the most
accurate password abuse detection available anywhere. It tracks all visits to the members
area of a site down to the city level. Furthermore,
it takes latitudal and longitudal data into consideration. Therefore, Frog detects the fact
that the same password was used in L.A. and NYC. We pinpoint the abuse instantly, allowing for the possibility of legitimate travel. That level of resolution unique to Phantom Frog.

Our system is based upon the premise of providing
24/7 uninterrupted access to the legitimate members while blocking out the leechers. This is accomplished automatically through our unique Automated Member Support (AMS) feature.
AMS re-issues a new password directly to the affected members. This strategy breaks
the cycle of password abuse and frees up the
webmasters to do more important work.

Please check out one of our latest press releases at:

http://www.gfy.com/showthread.php?p=...2#post12156662

Our product is integrated with CCBill, NetBilling,
Paycom, NATS, MPA3, Verotel, 2000Charge, SegPay,
Jettis, and 365Billing. Phantom Frog has a simple
FREE Trial Version which installs by adding one html
tag. In fact, we recommend that you leave ProxyPass or Pennywize activated during our
Trial to witness first-hand all the abuse being
missed by them!

Most of customers were motivated to purchase our
password protection only 3 days after installing the
Free Trial! We also offer Automated Member Support, Brute Force Attack Protection, and Bandwidth Abuse
Protection.

Phantom Frog has stellar webmaster testimonials which are listed on our site. A high percentage of our clients are ex-ProxyPass/Pennywize clients.
A casual scan of our webmaster testimonials page will reveal how unaware they were of the password abuse which was being allowed and overlooked by their current protection system.

Please feel free to contact me with any questions or feedback.

Visit out site to learn more: http://www.PhantomFrog.com/g

Visit this link to try our FREE demo: http://phantomfrog.com/g?ft=1

Thanks

George

[email protected]
ICQ: 226948212

Last edited by gmr324; 08-03-2007 at 03:07 PM..
gmr324 is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 08-03-2007, 04:10 PM   #11
mrwilson
mrwilson 2.0
 
Industry Role:
Join Date: Jul 2007
Location: ICQ: 465406783
Posts: 5,122
Looks very impressive, cant beleave i have not heard of or seen this about before!

It's certainly a site i have bookmarked for future refference!
mrwilson is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 08-03-2007, 04:21 PM   #12
Iron Fist
Too lazy to set a custom title
 
Join Date: Dec 2006
Posts: 23,400
Strongbox is good for protecting the members area with fake logins. Multiple IPs on the same account - lock the account down. Simple and effective.

But... what about once the member is in the members area? Downloaders are easily available. I can have your entire site ripped in 15 minutes, pics and movies, and literally mirrored on my drive.

There is one thing though that MayorsMoneys sites use which kills downloaders - it generates unique URLs when displaying pics, the downloader doesn't know how to handle it since every image displays on a HTML page. I know every program owner loves the rebill, but you seriously expect rebills when I can trial your site and have the entire thing downloaded in 15-30 mins? The cause of all this stuff is lazy webmasters.
__________________
i like waffles

Last edited by Iron Fist; 08-03-2007 at 04:22 PM..
Iron Fist is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 08-03-2007, 05:59 PM   #13
fris
Too lazy to set a custom title
 
fris's Avatar
 
Industry Role:
Join Date: Aug 2002
Posts: 55,372
i run a password forum
__________________
Since 1999: 69 Adult Industry awards for Best Hosting Company and professional excellence.


WP Stuff
fris is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 08-04-2007, 08:43 PM   #14
raymor
Confirmed User
 
Join Date: Oct 2002
Posts: 3,745
Quote:
Originally Posted by sharphead View Post
Strongbox is good for protecting the members area with fake logins. Multiple IPs on the same account - lock the account down. Simple and effective.

But... what about once the member is in the members area? Downloaders are easily available. I can have your entire site ripped in 15 minutes, pics and movies, and literally mirrored on my drive.
...
Although Strongbox is focused on securing your passwords from trading and dictionary
attacks, it also includes two forms of simple defense against site ripping. These two
features make it harder to rip a site. For the ultimate defense against site ripping, there
is the new Throttlebox intelligent bandwidth control, which can use some fairly
sophisticated rules to control how much someone can download in a particular time frame.
__________________
For historical display only. This information is not current:
support@bettercgi.com ICQ 7208627
Strongbox - The next generation in site security
Throttlebox - The next generation in bandwidth control
Clonebox - Backup and disaster recovery on steroids
raymor is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Post New Thread Reply
Go Back   GoFuckYourself.com - Adult Webmaster Forum > >

Bookmarks



Advertising inquiries - marketing at gfy dot com

Contact Admin - Advertise - GFY Rules - Top

©2000-, AI Media Network Inc



Powered by vBulletin
Copyright © 2000- Jelsoft Enterprises Limited.