CCBill-Giving Away Your Memberships! - GoFuckYourself.com

dgraves · 08-15-2008, 05:17 PM

that's right...check this shit out!

last month one of my members was blocked by pennywize for password trading. this guy actually had the nerve to contact ccbill to complain about being blocked. normally, when i get a blocked account email from pennywize i cancel the membership right away but it was a busy day for me so i didn't get around to it. ccbill sent me an email saying a customer was compaining about being blocked so i replied that he was a password trader and not to re-add him.

the customer sent another email complaint so ccbill refunded their membership. when i called ccbill, the rep told me that the other rep who refunded it did not read the message i sent and that it was a mistake on their part. oh ok, so it's a mistake at my expense! oh well, shit happens but it gets better...

a few days ago another member got blocked for password trading so i was quick to get on this one. after doing a look-up, i discovered that the membership expired almost a year ago! the ccbill rep told me that sometimes the "kill" message in their script doesn't remove the login from the (htpasswd) file. i couldn't believe it! he assured me that it was very uncommon even though the only way i caught this one was he was sharing the wealth of his life-time membership with his buddies. you see, the "kill" message only gets sent once so if it misses the member he gets a FREE life-time membership!

out of curiousity i downloaded the htpasswd file and compared it to my active members and as it turns out, 45 non-members still have full access to my member's area! some of them have had it as far back as 2006! so not only am i losing potential membership sales, i'm paying for their bandwidth!

i'm still waiting for them to take action and tell me what they're going to do to fix this. if you're using ccbill as a processor you could be giving people free life-time memberships and it's worth looking into.

The Heron · 08-15-2008, 05:24 PM

Not exactly a news flash. You can ask them to resync your htpasswd file which would prevent that problem if you did it on say a monthly basis.

After Shock Media · 08-15-2008, 05:25 PM

Bad news indeed. Though I would not straight out kill anyone pennywise blocks. First that software sort of sucks and is common to throw false positives and second is that some people do get their shit jacked and never shared anything.

andrej_NDC · 08-15-2008, 05:30 PM

Man, those password protection scripts have so many bugs, that just because it tells you the member is a password trader, it doesn't have to be true. In most cases, it isn't. Even if you have a internet connection not with a stable IP and you login to the site each time from a different IP, it blocks you.

And about the 45 non-paying members, I'm pretty sure most of the old members don't download anything anymore, but even if they would, bandwitch is so cheap nowadays...You concentrate too much on the "not so important" things.

dgraves · 08-15-2008, 05:54 PM

well, this is new to me.

as far as pennywize goes, you could be right. it's the software my host offers so that's why i use it. i'm going to look into using something else.

when i remove someone it's because they are showing hits from numerous countries so it seems odd that the software would generate bogus info like that. kind of defeats the purpose don't you think?

why should i do additional work on a monthly basis? i pay them 14% to do that! i'm sure no one at ccbill logs into my member's area on a regular basis to make sure it's up.

i doubt very much that someone is going to hack a computer and then take the time to get their porn site logins to then go on a board where they share the logins for free. pretty generous thieves!

many of the non-members are in the member's area all the time...i checked. after all why wouldn't they. i'm sure they don't mark on their calendar when their membership expires and they don't try after that date. you're missing the point about the bandwidth. it doesn't matter if it's 1 non-member or 45, there's a problem that needs to be fixed. those are 45 people who would never re-join!

After Shock Media · 08-15-2008, 05:59 PM

Quick question, do you let users pick usernames and passwords or do you have ccbill assign long random digit ones?

Joelercoaster · 08-15-2008, 06:00 PM

Hey D,

You and I have talked in the past at TFF, remember? I'm not sure exactly how others do it, but just an FYI, our password management is a little more "enterprise class" than what you described. If we post *any* change to the user/pass data, our system expects a positive response from the module. If it doesn't get that response, it assumes the post failed and it will post again until it succeeds. I would think the better systems have at least that level of data integrity protection built in.

Also, as you know, using your bandwidth fraud package controls to stop sharing without making life too difficult for your customers is, of course, a balance. We work with our merchants on those strategies. Hit me up if you'd like to discuss.

dgraves · 08-15-2008, 06:06 PM

Quote:

Originally Posted by After Shock Media

Quick question, do you let users pick usernames and passwords or do you have ccbill assign long random digit ones?

they can select their own login.

After Shock Media · 08-15-2008, 06:10 PM

Quote:

Originally Posted by dgraves

they can select their own login.

That alone is a severe security issue and will get your valid accounts hacked on a daily basis. Odds are you have been cancelling valid customers who had their usernames and passwords guessed or brute forced. Hell I would reason to say 9 out of 10 people you thought were sharing passwords, never did after knowing this.

dgraves · 08-15-2008, 06:10 PM

Quote:

Originally Posted by Joelercoaster

Hey D,

You and I have talked in the past at TFF, remember? I'm not sure exactly how others do it, but just an FYI, our password management is a little more "enterprise class" than what you described. If we post *any* change to the user/pass data, our system expects a positive response from the module. If it doesn't get that response, it assumes the post failed and it will post again until it succeeds. I would think the better systems have at least that level of data integrity protection built in.

Also, as you know, using your bandwidth fraud package controls to stop sharing without making life too difficult for your customers is, of course, a balance. We work with our merchants on those strategies. Hit me up if you'd like to discuss.

hey joel, how's it going man! ya, this is not cool. i just spoke with my host and there was no maintenance being performed on the dates in question. i'm not sure where the problem exists yet but it's something ccbill needs to work on.

aico · 08-15-2008, 06:12 PM

I tested CCBill a few times for customer service, asked for a refund on a site, and they told me it was not possible for them to give refunds, only the site could issue refunds. I told them I knew this was not true as I am a site owner myself, and they basically told me to go to hell.

Which is exactly why I use Epoch, and will never use CCBill.

AnniKN · 08-15-2008, 06:12 PM

Quote:

Originally Posted by dgraves

i doubt very much that someone is going to hack a computer and then take the time to get their porn site logins to then go on a board where they share the logins for free. pretty generous thieves!

They don't hack the person's computer - they hack your site, they don't get a password at a time... they get dozens and they do it using automated tools. They DO share the passwords since it's what the password trading forums do. A person buying a membership and sharing it would be WAY more generous a thief than the ones who steal them

dgraves · 08-15-2008, 06:13 PM

Quote:

Originally Posted by After Shock Media

That alone is a severe security issue and will get your valid accounts hacked on a daily basis. Odds are you have been cancelling valid customers who had their usernames and passwords guessed or brute forced. Hell I would reason to say 9 out of 10 people you thought were sharing passwords, never did after knowing this.

i'm not sure if there's a way to change that...just the way they do it.

After Shock Media · 08-15-2008, 06:14 PM

Quote:

Originally Posted by dgraves

i'm not sure if there's a way to change that...just the way they do it.

There is, I run a ccbill site or three myself.

dgraves · 08-15-2008, 06:16 PM

Quote:

Originally Posted by AnniKN

They don't hack the person's computer - they hack your site, they don't get a password at a time... they get dozens and they do it using automated tools. They DO share the passwords since it's what the password trading forums do. A person buying a membership and sharing it would be WAY more generous a thief than the ones who steal them

if they get dozens at a time, why wouldn't there be more logins blocked? this only happens about once a month.

Rochard · 08-15-2008, 06:16 PM

Your first mistake is using pennywize.

After Shock Media · 08-15-2008, 06:17 PM

Quote:

Originally Posted by dgraves

if they get dozens at a time, why wouldn't there be more logins blocked? this only happens about once a month.

Trust us, that is how it works.

dgraves · 08-15-2008, 06:22 PM

Quote:

Originally Posted by After Shock Media

There is, I run a ccbill site or three myself.

k, found that setting in the admin and changed it from "user defined" to "random". thanks for the tip, that should help quite a bit.

dgraves · 08-15-2008, 06:22 PM

Quote:

Originally Posted by After Shock Media

Trust us, that is how it works.

so what's the fix?

After Shock Media · 08-15-2008, 06:25 PM

Quote:

Originally Posted by dgraves

so what's the fix?

Random passwords & user names.
Better security program like strongbox or phantomfrog.
Reset a persons password once if they get nailed for duplicate password usage and email them the new password along with how to sweep their PC. If it happens again with them cancel account.
Synch your site with ccbill once every month or quarter.

dgraves · 08-15-2008, 06:30 PM

Quote:

Originally Posted by aico

I tested CCBill a few times for customer service, asked for a refund on a site, and they told me it was not possible for them to give refunds, only the site could issue refunds. I told them I knew this was not true as I am a site owner myself, and they basically told me to go to hell.

Which is exactly why I use Epoch, and will never use CCBill.

i was told the same thing then one day i saw a refund so i called. they said the member threatened to charge back so the refunded. i asked what the reason was and they didn't know.

dgraves · 08-15-2008, 06:32 PM

Quote:

Originally Posted by After Shock Media

Random passwords & user names.
Better security program like strongbox or phantomfrog.
Reset a persons password once if they get nailed for duplicate password usage and email them the new password along with how to sweep their PC. If it happens again with them cancel account.
Synch your site with ccbill once every month or quarter.

ya, i'm going to switch to something else. i definately don't want to be cancelling members due to software errors.

BVF · 08-15-2008, 06:35 PM

Quote:

Originally Posted by After Shock Media

Bad news indeed. Though I would not straight out kill anyone pennywise blocks. First that software sort of sucks and is common to throw false positives and second is that some people do get their shit jacked and never shared anything.

Yes, just because pennywize blocked them doesn't mean that they're password traders....I hope that you at least logged into the admin area to make sure that they weren't using AOL or something...

Pennywize used to block all kinds of shit for no reason.

TMM_John · 08-15-2008, 06:36 PM

Duh! Just use NATS, it can be setup to catch these!

dgraves · 08-15-2008, 06:41 PM

Quote:

Originally Posted by BVF

Yes, just because pennywize blocked them doesn't mean that they're password traders....I hope that you at least logged into the admin area to make sure that they weren't using AOL or something...

Pennywize used to block all kinds of shit for no reason.

i check each one out individually before i cancel their membership.

dgraves · 08-15-2008, 06:42 PM

Quote:

Originally Posted by PBucksJohn

Duh! Just use NATS, it can be setup to catch these!

lol, nice plug!

08-15-2008, 05:17 PM	#1
dgraves Confirmed User Industry Role: Join Date: Nov 2005 Location: Scottsdale Posts: 2,283	CCBill-Giving Away Your Memberships! that's right...check this shit out! last month one of my members was blocked by pennywize for password trading. this guy actually had the nerve to contact ccbill to complain about being blocked. normally, when i get a blocked account email from pennywize i cancel the membership right away but it was a busy day for me so i didn't get around to it. ccbill sent me an email saying a customer was compaining about being blocked so i replied that he was a password trader and not to re-add him. the customer sent another email complaint so ccbill refunded their membership. when i called ccbill, the rep told me that the other rep who refunded it did not read the message i sent and that it was a mistake on their part. oh ok, so it's a mistake at my expense! oh well, shit happens but it gets better... a few days ago another member got blocked for password trading so i was quick to get on this one. after doing a look-up, i discovered that the membership expired almost a year ago! the ccbill rep told me that sometimes the "kill" message in their script doesn't remove the login from the (htpasswd) file. i couldn't believe it! he assured me that it was very uncommon even though the only way i caught this one was he was sharing the wealth of his life-time membership with his buddies. you see, the "kill" message only gets sent once so if it misses the member he gets a FREE life-time membership! out of curiousity i downloaded the htpasswd file and compared it to my active members and as it turns out, 45 non-members still have full access to my member's area! some of them have had it as far back as 2006! so not only am i losing potential membership sales, i'm paying for their bandwidth! i'm still waiting for them to take action and tell me what they're going to do to fix this. if you're using ccbill as a processor you could be giving people free life-time memberships and it's worth looking into. __________________ Gloryhole Swallow \| Cumpsters \| Spy Tug \| Cum Clinic \| Chica's Place

08-15-2008, 05:25 PM	#3
After Shock Media It's coming look busy Join Date: Mar 2001 Location: "Ph'nglui mglw'nafh Cthulhu R'lyeh wgah'nagl fhtagn". Posts: 35,299	Bad news indeed. Though I would not straight out kill anyone pennywise blocks. First that software sort of sucks and is common to throw false positives and second is that some people do get their shit jacked and never shared anything. __________________ [email protected] ICQ:135982156 AIM: Aftershockmed1a MSN: [email protected]

08-15-2008, 05:54 PM	#5
dgraves Confirmed User Industry Role: Join Date: Nov 2005 Location: Scottsdale Posts: 2,283	well, this is new to me. as far as pennywize goes, you could be right. it's the software my host offers so that's why i use it. i'm going to look into using something else. when i remove someone it's because they are showing hits from numerous countries so it seems odd that the software would generate bogus info like that. kind of defeats the purpose don't you think? why should i do additional work on a monthly basis? i pay them 14% to do that! i'm sure no one at ccbill logs into my member's area on a regular basis to make sure it's up. i doubt very much that someone is going to hack a computer and then take the time to get their porn site logins to then go on a board where they share the logins for free. pretty generous thieves! many of the non-members are in the member's area all the time...i checked. after all why wouldn't they. i'm sure they don't mark on their calendar when their membership expires and they don't try after that date. you're missing the point about the bandwidth. it doesn't matter if it's 1 non-member or 45, there's a problem that needs to be fixed. those are 45 people who would never re-join! __________________ Gloryhole Swallow \| Cumpsters \| Spy Tug \| Cum Clinic \| Chica's Place

08-15-2008, 05:59 PM	#6
After Shock Media It's coming look busy Join Date: Mar 2001 Location: "Ph'nglui mglw'nafh Cthulhu R'lyeh wgah'nagl fhtagn". Posts: 35,299	Quick question, do you let users pick usernames and passwords or do you have ccbill assign long random digit ones? __________________ [email protected] ICQ:135982156 AIM: Aftershockmed1a MSN: [email protected]

08-15-2008, 06:00 PM	#7
Joelercoaster Registered User Join Date: Mar 2008 Posts: 7	Hey D, You and I have talked in the past at TFF, remember? I'm not sure exactly how others do it, but just an FYI, our password management is a little more "enterprise class" than what you described. If we post any change to the user/pass data, our system expects a positive response from the module. If it doesn't get that response, it assumes the post failed and it will post again until it succeeds. I would think the better systems have at least that level of data integrity protection built in. Also, as you know, using your bandwidth fraud package controls to stop sharing without making life too difficult for your customers is, of course, a balance. We work with our merchants on those strategies. Hit me up if you'd like to discuss. __________________ Joel Hoskins \| Director, Key Accounts \| DHD Media \| ICQ: 416877257 http://www.dhdmedia.com

08-15-2008, 05:24 PM	#2
The Heron Confirmed User Industry Role: Join Date: Apr 2001 Location: Michigan Posts: 4,488	Not exactly a news flash. You can ask them to resync your htpasswd file which would prevent that problem if you did it on say a monthly basis.

08-15-2008, 05:30 PM	#4
andrej_NDC Registered User Industry Role: Join Date: May 2004 Posts: 7,760	Man, those password protection scripts have so many bugs, that just because it tells you the member is a password trader, it doesn't have to be true. In most cases, it isn't. Even if you have a internet connection not with a stable IP and you login to the site each time from a different IP, it blocks you. And about the 45 non-paying members, I'm pretty sure most of the old members don't download anything anymore, but even if they would, bandwitch is so cheap nowadays...You concentrate too much on the "not so important" things.

08-15-2008, 06:12 PM	#11
aico Moo Moo Cow Join Date: Mar 2004 Location: Washington State Posts: 14,748	I tested CCBill a few times for customer service, asked for a refund on a site, and they told me it was not possible for them to give refunds, only the site could issue refunds. I told them I knew this was not true as I am a site owner myself, and they basically told me to go to hell. Which is exactly why I use Epoch, and will never use CCBill. Last edited by aico; 08-15-2008 at 06:13 PM..

08-15-2008, 06:16 PM	#16
Rochard Jägermeister Test Pilot Industry Role: Join Date: Dec 2001 Location: NORCAL Posts: 73,996	Your first mistake is using pennywize. __________________ “The choice is no longer between right or left. The choice is between normal and crazy.” - Sarah Huckabee Sanders YNOT MAIL \| THE BEST ADULT MAILING SOLUTION

08-15-2008, 06:36 PM	#24
TMM_John Confirmed User Industry Role: Join Date: May 2004 Posts: 6,660	Duh! Just use NATS, it can be setup to catch these! __________________ Skype: JohnA1078 Too Much Media - Makers of the Industry's Leading Payite Management Platform, NATS!