Paysite Security Workshop - GoFuckYourself.com

pornJester · 11-30-2002, 03:21 PM

I would like to dedicate this thread to ideas and methods of paysite security. There are several issues that paysite owners have to deal with when it comes to securing their content and I think if we had and open discussion here about it, we all may benefit from it. Here are some of the questions for discussion.

What are some ways you can protect against password hackers & traders?

What methods do you propose for preventing someone from leaching all your site's content on a trial membership?

How can you prevent your content from becoming widely distributed on file sharing programs such as Kazaa?

I don't run any paysites myself, so I'm interested to see what type of solutions to these problems are out there.

pornJester · 11-30-2002, 08:02 PM

< insert reply here >

11-30-2002, 08:05 PM

< insert another useful reply here >

m0rph3us · 11-30-2002, 08:42 PM

What are some ways you can protect against password hackers & traders?
> Random passes, software for multiple IP detection per username, proxypass to protect from proxy attacks.

What methods do you propose for preventing someone from leaching all your site's content on a trial membership?
>software such as pennywise to lockout account for set number of GB downloaded per day.

How can you prevent your content from becoming widely distributed on file sharing programs such as Kazaa?
> watermarking, DRM if videos

pr0 · 11-30-2002, 08:54 PM

nothing is 100% unfortunately

crack · 11-30-2002, 09:03 PM

>I would like to dedicate this thread to ideas and methods of paysite security

Here's my donation:
http://www.crack.sh/hack/msgs/

Sambuka · 11-30-2002, 10:51 PM

Well to stop leeching, I was thinking about using the normal .htaccess refurrer tags, I mean let people into the

www.domainname.com/members/index.html

which is protected with the persons password, and have a FORM post sort of link that then sends the surfer to

www.domainname.com/content/index.html

which will only allow people who come directly from domainname.com.

Spiders and leechers can't read forms. So if your password protected area has no content or very very little, and you have a link that says "Galleries" that is a form link. the spiders can't follow it and they can't link directly too : domainname.com/content/index.html.

I'm planning on testing this on a few new sites soon, does anyone know the form html code that is required for this???
Save me searching on google for 30 mins trying to find it

Sammy

fiveyes · 11-30-2002, 11:17 PM

Quote:

Originally posted by Sambuka
...Spiders and leechers can't read forms...

Sammy, whoever told you that, lied. Spiders deal with whatever they've been programmed to deal with.

Danielle · 12-01-2002, 12:37 AM

All pay sites big and small should install something like "Stop That Hacker." http://www.stopthathacker.com

Then sit back and relax.

Hugs,
Danielle

Sambuka · 12-01-2002, 12:52 AM

Quote:

Originally posted by fiveyes

Sammy, whoever told you that, lied. Spiders deal with whatever they've been programmed to deal with.

Sure but I've never seen any options for following <form> tags. I mean there MIGHT? be one that does but teleport pro and blackwidow don't, I'm pretty sure of that. I mean they can't handle Cgi, anything that is linking to .cgi files the spiders can't follow.

Tell me a spider / offline browser that follows <form> tags?

Sammy

andi_germany · 12-01-2002, 04:10 AM

Ok for multiple logins I use iprotect. Its compiled into apache so it has no performance penalties like I experienced in pennywize (early versions)

To prevent leaching I use a simple little cgi script that checks the referrer and loads the files to the browser. Unfortunately if someone wants to leach it is possible. I have much experience in leaching because if you want to protect your site you have to be an expert at it to see what is necessary. However it is possible to prevent it when normal joe is doing it. I will not disclose how you can leach every site of obvious reasons but you can only protect against it if you crypt every link and run it through a database which is so much damn work that normal people wouldn't even consider it.

It seems Flash is relatively well protected from leachers but I haven't checked out the latest offline browser generations.

11-30-2002, 03:21 PM	#1
pornJester Confirmed User Join Date: Mar 2001 Location: Florida Posts: 6,138	Paysite Security Workshop I would like to dedicate this thread to ideas and methods of paysite security. There are several issues that paysite owners have to deal with when it comes to securing their content and I think if we had and open discussion here about it, we all may benefit from it. Here are some of the questions for discussion. What are some ways you can protect against password hackers & traders? What methods do you propose for preventing someone from leaching all your site's content on a trial membership? How can you prevent your content from becoming widely distributed on file sharing programs such as Kazaa? I don't run any paysites myself, so I'm interested to see what type of solutions to these problems are out there. __________________ FreshBucks \| Webmaster Vault \| GayAW Trusted Names in Adult. ICQ 9157.3698

11-30-2002, 09:03 PM	#6
crack Confirmed User Join Date: Feb 2002 Posts: 100	>I would like to dedicate this thread to ideas and methods of paysite security Here's my donation: http://www.crack.sh/hack/msgs/ __________________ There is a crack in everything. That's how the light gets in.

11-30-2002, 08:02 PM	#2
pornJester Confirmed User Join Date: Mar 2001 Location: Florida Posts: 6,138	< insert reply here >

11-30-2002, 08:05 PM	#3
X37375787 Guest Posts: n/a	< insert another useful reply here >

11-30-2002, 08:42 PM	#4
m0rph3us Confirmed User Join Date: Mar 2001 Location: Principality of Sealand Posts: 2,033	What are some ways you can protect against password hackers & traders? > Random passes, software for multiple IP detection per username, proxypass to protect from proxy attacks. What methods do you propose for preventing someone from leaching all your site's content on a trial membership? >software such as pennywise to lockout account for set number of GB downloaded per day. How can you prevent your content from becoming widely distributed on file sharing programs such as Kazaa? > watermarking, DRM if videos

11-30-2002, 08:54 PM	#5
pr0 rockin tha trailerpark Industry Role: Join Date: May 2001 Location: ~Coastal~ Posts: 23,088	nothing is 100% unfortunately

11-30-2002, 10:51 PM	#7
Sambuka Registered User Join Date: Sep 2002 Location: - Posts: 500	Well to stop leeching, I was thinking about using the normal .htaccess refurrer tags, I mean let people into the www.domainname.com/members/index.html which is protected with the persons password, and have a FORM post sort of link that then sends the surfer to www.domainname.com/content/index.html which will only allow people who come directly from domainname.com. Spiders and leechers can't read forms. So if your password protected area has no content or very very little, and you have a link that says "Galleries" that is a form link. the spiders can't follow it and they can't link directly too : domainname.com/content/index.html. I'm planning on testing this on a few new sites soon, does anyone know the form html code that is required for this??? Save me searching on google for 30 mins trying to find it Sammy

12-01-2002, 12:37 AM	#9
Danielle Confirmed User Join Date: Jun 2002 Location: My Coffin Posts: 1,227	All pay sites big and small should install something like "Stop That Hacker." http://www.stopthathacker.com Then sit back and relax. Hugs, Danielle

12-01-2002, 04:10 AM	#11
andi_germany Confirmed User Join Date: Oct 2002 Location: Germany Posts: 768	Ok for multiple logins I use iprotect. Its compiled into apache so it has no performance penalties like I experienced in pennywize (early versions) To prevent leaching I use a simple little cgi script that checks the referrer and loads the files to the browser. Unfortunately if someone wants to leach it is possible. I have much experience in leaching because if you want to protect your site you have to be an expert at it to see what is necessary. However it is possible to prevent it when normal joe is doing it. I will not disclose how you can leach every site of obvious reasons but you can only protect against it if you crypt every link and run it through a database which is so much damn work that normal people wouldn't even consider it. It seems Flash is relatively well protected from leachers but I haven't checked out the latest offline browser generations.