Compdoctor

So who is doing the take down of password sites? ICQ me at 60080709 I have some to add to your list

__________________
Content By Compdoctor- Original 3D Cartoon Work

3D Comics

Anime Resource Accepting Toon/Hentai Links

woj

uh, damn it, I thought I would see some links in this thread :-/

__________________
Custom Software Development, email: woj#at#wojfun#.#com to discuss details or skype: wojl2000 or gchat: wojfun or telegram: wojl2000
Affiliate program tools: Hosted Galleries Manager Banner Manager Video Manager
Wordpress Affiliate Plugin Pic/Movie of the Day Fansign Generator Zip Manager

StarkReality

Password sites are so 1998...not really a threat.

Compdoctor

really!!! How about the password sites that have all your movies and have ripped your site clean to post it for their members?

__________________
Content By Compdoctor- Original 3D Cartoon Work

3D Comics

Anime Resource Accepting Toon/Hentai Links

Compdoctor

Oh well I tried, back to work

__________________
Content By Compdoctor- Original 3D Cartoon Work

3D Comics

Anime Resource Accepting Toon/Hentai Links

raymor

If anyone manages to actually do anything about password sites we have
hundreds of thousands in our list.

__________________
For historical display only. This information is not current:
support@bettercgi.com ICQ 7208627
Strongbox - The next generation in site security
Throttlebox - The next generation in bandwidth control
Clonebox - Backup and disaster recovery on steroids

D

Password sites are one thing.

Content theft is another.

Password sites are circumvented easily enough by having something like Strongbox installed on your servers.

Content Theft is and continues to be an issue. If you see Shane's World or Hush Hush Entertainment content anywhere out there - please do me the favor of letting me know.

ICQ or email.

__________________
-D.
ICQ: 202-96-31

aico

I make sales from password sites, why the fuck would I want to take them down?

StarkReality

That's bad, but it's not like in the old days. Many people use torrent/tube sites instead nowadays and countermeasures to detect and disable hacked/shared accounts have dramatically improved...and this protection is very affordable.

I didn't want to say these sites aren't a problem any more, but it has become alot easier to protected yourself effectively, most shared passwords die in minutes and are often even given out by owners themselves to promote the site.

The fact that paying members download whole sites and publish the stuff on rapidshare or other free filehosts or put them on the torrent networks is a much bigger problem.

TeenCat

m s g s e n t

__________________

Iron Fist

Yup.. if you've got strongbox....

__________________
i like waffles

raymor

Indeed, while password sites slowly evolve their tactics, modern
protection systems pretty much take care of it. We have a new release of
Strongbox coming out to stay ahead of the game, but as long as a webmaster
has a modern system I think they are pretty well taken care of. Content theft
seems to be the next big problem, so that's where we're turnign our attention
for some new systems. The issue StarkReality brought up of having the whole
site ripped is taken care of by Throttlebox and our new tracking system which
has yet to be named will let you fins stolen content and track down the thief.
Hmm, what kind of "box" name might be good for the new content tracking
system? Trackbox? TraxBox? IDbox?

__________________
For historical display only. This information is not current:
support@bettercgi.com ICQ 7208627
Strongbox - The next generation in site security
Throttlebox - The next generation in bandwidth control
Clonebox - Backup and disaster recovery on steroids

tcsfounder

BlackBox should be the name of the new product, or maybe package the suite under the name BlackBox, KillBox is another suggestion. BTW, i should get a hookup on a copy if you use the name, lol

Don't know what you are planning, but I would be happy to have something like apple does with their drm-free music files, info is embedded into the file at download that has the id of the purchaser. I don't know why nobody has come up with a solution to offer content providers that does something like this.

mrwilson

I cant ohnestly see how they are not really a threat.

It's the password sites that are the problem, people bitch about tube sites posting there content but where do you think the tube site owners/uploaders get the content from?

I can almost guarantee they are getting access to it through password forum sites and using cracked passwords.

Password sites are the main problem, stop them and stop alot of content being stolen.


Edit: Strongbox is good, dont get me wrong, but its certainly not all that. go to lawinanet . com and see for yourself.

pip

People that still use htaccess for authentication are dumb, you are just asking for it

mrwilson

An example.

Violetta

We should all donate some money to programmers or hackers or whatever, so that they could spend some time taking them down, or ddos, or just fuck with them...

__________________
M&A Queen

mrwilson

Something should be done, but what exactly i dont know.

Perhaps taking doing things legally would be the better option considering the majority of the pass crackers are hackers i would imagine there sites are infact pretty secure.

gmr324

We at PhantomFrog have always maintained that the ONLY TRUE litmus test of a password protection system (whether its ProxyPass, Pennywize, Strongbox) is whether the stolen passes
that are published on password trading sites are WORKING!!! If you can find working passes there, then the password protection system you're using
is failing to do its job. Period.

Just go to wt50.com and you'll find a well
organized index of password trading forums. And those are just the public ones. There are also private paid membership ones as well where
leechers pay so the stolen passwords have a longer lifetime. Many of these forums have been closed only to re-open under a different domain and host with their entire leecher membership intact. So, closing them down only makes the snake rear its ugly head in a different spot. The solution is to
block and change the stolen passwords. If the hackers and leechers who frequent these trading forums only find dead passwords, they will become frustrated and turn their attention to improperly protected sites.

I have personally observed discussion threads between hackers who are tearing their hair out about why previously wide open sites have
suddenly become unexploitable for stealing passwords. Those sites had recently installed Phantom Frog. Its nice to turn the tables and have the hackers, instead of the webmasters, be the ones who are losing sleep!!!

The next reply in this thread will outline the capabilities of Phantom Frog and how you can
install a Free Trial version of the system to
evaluate it for yourself.

gmr324

Phantom Frog that is setting a new standard for
password security. Our product uses Geo-IP tracking
technology which will not even allow 2 people to
share the same password let alone a whole trading
forum with hundreds of leechers!

Our Hi-Resolution Geo-IP Tracking offers the most
accurate password abuse detection available anywhere.
It tracks all visits to the members area of a site
down to the city level. Furthermore, it takes
latitudal and longitudal data into consideration.
Therefore, Frog detects the fact that the same
password was used in L.A. and NYC. We pinpoint the
abuse instantly, allowing for the possibility of
legitimate travel. That level of resolution is
unique to Phantom Frog.

Our system is based upon the premise of providing
24/7 uninterrupted access to the legitimate members
while blocking out the leechers. This is accomplished
automatically through our Automated Member Support
(AMS) feature. When password abuse is detected, the
password is changed. The next time the valid member
trys to login, Frog uses their email address to
validate their identity and issues them a new password
directly via email. This strategy breaks the cycle of
password abuse and frees up the webmasters to do more
important work.

Our product is integrated with CCBill, NetBilling,
Paycom, NATS, MPA3, Verotel, 2000Charge, SegPay, Jettis,
and 365Billing. Phantom Frog has a simple FREE Trial
Version which installs by adding one html tag or we
can handle the installation completely for you for.
In fact, we recommend that you leave ProxyPass or
Pennywize activated during our Trial to witness
first-hand all the abuse being missed by them!

Most of customers were motivated to purchase our
password protection only 3 days after installing the
Free Trial! We also offer Automated Member Support,
Brute Force Attack Protection, and Bandwidth Abuse
Protection.

Phantom Frog has stellar webmaster testimonials which
are listed on our site. A high percentage of our clients
are ex-ProxyPass/Pennywize clients. A casual scan of
our webmaster testimonials page will reveal how unaware
they were of the password abuse which was being allowed
and overlooked by their current protection system.


Please feel free to contact me with any questions or feedback.

Visit out site to learn more: http://www.PhantomFrog.com/g

Visit this link to try our FREE demo: http://phantomfrog.com/g?ft=1

Thanks

George

mrwilson

Hi george, i spoke to you a while back, i met you in another topic similar to this..lol

And yes Phantom frog is the way to go

gmr324

Yes, I remember that too! I sent you an ICQ message.
Shoot me an email and let's see if we can get you
lined up with a Free Trial of Frog.

Thanks Again

George

ladida

Your other things might hold water, this doesn't. Hackers don't do bruteforcing of usernames, they simply take them from the database/file. Installing phantomfrog doesn't make a site unexploitable. Exploitable != getting a valid pass. The toplist you linked to is mainly led by 1 guy, who is a webmaster himself and is profiting off of stolen passwords (he's seling memberships both to his sites and to paysites), but he does have valid passes to sites that were infact not given to him.

__________________
agentGFY *at* gmail.com

tony286

this product is going to make u rich.

gmr324

Your point is well taken. That was an unfortunate
choice of words. There are two seperate issues here.
Webmasters who voluntarily plant passwords to entice
leechers to join their site. Any webmaster doing this
would obviously ignore or exempt his planted passes
from being blocked.

The second issue concerns malicious hackers who use
one of two methods to extract stolen passwords from
a site with the intent of publishing them on trading
forums for free-for-all use. There are the so-called
script kiddies who use programs like AD and Sentry
via brute force methods to expose stolen passwords
using themed wordlists. Then there are the more
serious infractions by malicious, misguided but more
technically oriented hackers who can locate entire
password files. No password protection system will
prevent this kind of password theft.

However, what a truly effective system WILL do is
ensure that those stolen (not planted) passwords
have no lifetime! The longer a stolen password is
working, the more exposure the webmaster has
to potential content theft and bandwidth abuse.
That is the point I was emphasizing about Phantom
Frog. Early detection is your best protection!
Frog's Geo-IP Tracking will detect pass abuse down
to the city level increasing the resolution of your
radar for catching this abuse.

Those are the hacker discussion threads I was referring
to where they are dumbfounded by how quickly their
stolen passes die due to the intervention of Frog!

Thanks for Your Insight

George