Check your CCBill htpasswd file

  • XXXMovie4M
    Confirmed User
    • Sep 2008
    • 359

    #1

    Check your CCBill htpasswd file

    check your ccbill htpasswd file on a regular basis to make sure there aren't non-paying users who still have access to your site.

    last year i was looking up a password trader and discovered that he had cancelled over a year earlier but his username was still in the htpasswd file!!! so not only did he have free access for over a year, he was generous enough with his good fortune that he shared it with a bunch of his buddies! when i asked ccbill about this they said this happens if there is a problem writing to the server. when a membership expires the user is removed but if there is a problem with the connection then the user never gets removed. the entire file isn't re-written, just that line. something doesn't seem right with that but it's the story i was told.

    well, after reading all the stuff on here lately about ccbill i thought i'd check again and guess what, there were 105 users in the htpasswd file that weren't paying but had member's area access!

    ccbill said there's nothing they can do about it and it's up to the site owner to request a new htpasswd file each month to make sure non-paying members are removed.

    check your shit!
  • MrDeiz
    • May 2008
    • 9802

    #2
    thx a lot for sharing your experience. added to our news section
    Make money with WEBC$MS
    The only way to still make money in adult

    Comment

    • TheDA
      Confirmed User
      • May 2006
      • 4665

      #3
      It's been a problem for a long time. I know a bunch of people that do that on a regular basis.
      Sharleen Spiteri - 1989 - In The Ass

      Comment

      • pornpf69
        Too lazy to set a custom title
        • Jun 2004
        • 15782

        #4
        this is pretty bad...
        they don't overwrite all the users because you might be using another billing option...

        Comment

        • XXXMovie4M
          Confirmed User
          • Sep 2008
          • 359

          #5
          Originally posted by pornpf69
          they don't overwrite all the users because you might be using another billing option...
          that's a good point. so it's up to the owner to make sure the file is up to date.

          Comment

          • andrej_NDC
            Registered User
            • May 2004
            • 7760

            #6
            What's the big deal...few guys will have free access, so what? If it's a few %, it isn't even worth checking.

            Comment

            • pornpf69
              Too lazy to set a custom title
              • Jun 2004
              • 15782

              #7
              Originally posted by XXXMovie4M
              that's a good point. so it's up to the owner to make sure the file is up to date.
              imagine how frustrating it would be for a member who signed up using another billing company (because they were declined by CCBill) not to be able to login because CCBILL deleted their username from the file... this pretty much sums up to why they don't overwrite all the file... but they could set up some way to warn the site owners that the member was not successfully deleted from their htpasswd file...

              I am sure that this problem is not only with ccbill but with any other billing that you might be using...

              Comment

              • XXXMovie4M
                Confirmed User
                • Sep 2008
                • 359

                #8
                Originally posted by andrej_NDC
                What's the big deal...few guys will have free access, so what? If it's a few %, it isn't even worth checking.
                a few guys would be 1 or 2, not 105!

                105 x $29.95 = $3,144.75/month. you wouldn't take 15 minutes out of your month to save $3,144.75 + bandwidth?

                besides, that's not the point. the point is if the person doesn't get removed then they stay in the htpasswd file indefinitely. that list will only get bigger, never smaller.

                Comment

                • andrej_NDC
                  Registered User
                  • May 2004
                  • 7760

                  #9
                  Originally posted by XXXMovie4M
                  a few guys would be 1 or 2, not 105!

                  105 x $29.95 = $3,144.75/month. you wouldn't take 15 minutes out of your month to save $3,144.75 + bandwidth?

                  besides, that's not the point. the point is if the person doesn't get removed then they stay in the htpasswd file indefinitely. that list will only get bigger, never smaller.
                  Those members cancelled their memberships...what makes you think they would all re-join? None of them would.

                  Comment

                  • pornpf69
                    Too lazy to set a custom title
                    • Jun 2004
                    • 15782

                    #10
                    Originally posted by andrej_NDC
                    Those members cancelled their memberships...what makes you think they would all re-join? None of them would.
                    but they wouldn't share the new content on TUBE SITES...

                    Comment

                    • XXXMovie4M
                      Confirmed User
                      • Sep 2008
                      • 359

                      #11
                      Originally posted by andrej_NDC
                      Those members cancelled their memberships...what makes you think they would all re-join? None of them would.
                      none of them would? you need to be a paysite owner to understand how it works. people join a site for a month or two and they cancel but many return after a bunch of new content is added.

                      this is a normal cycle. what if the member cancelled because of money issues but loved your site. the htpasswd file issue guarantees they will never have to join again.

                      i checked most of the usernames that were supposed to be removed and they are still accessing the site. what does that tell you?

                      the issue here is if a person is not paying then they shouldn't have access, regardless of how many for how long. it's business 101. the point of this thread isn't to debate whether or not it's ok for non-paying people to have access to your site, it's to make other site owners aware that you need to keep an eye on this. if you don't own a site then it doesn't concern you.

                      Comment

                      • quantum-x
                        Confirmed User
                        • Feb 2002
                        • 6863

                        #12
                        Originally posted by XXXMovie4M
                        a few guys would be 1 or 2, not 105!

                        105 x $29.95 = $3,144.75/month. you wouldn't take 15 minutes out of your month to save $3,144.75 + bandwidth?

                        besides, that's not the point. the point is if the person doesn't get removed then they stay in the htpasswd file indefinitely. that list will only get bigger, never smaller.
                        with maths skills like that, you should be a lawyer for the MPAA
                        PrettyInCash.com - BoozedGFs.com - TeenGFs.com - JizzGFs.com- MilfUploads.com -

                        Comment

                        • Bman
                          Confirmed User
                          • Aug 2003
                          • 1679

                          #13
                          Hopefully you email all those members and tell them that there was a glitch and that you are deleting their access however they can sign up again for a discounted price and give them a discount code. I am sure you will get some that bite
                          ICQ 228211529

                          Comment

                          • NemesisEnforcer
                            Confirmed User
                            • Aug 2003
                            • 2122

                            #14
                            Originally posted by XXXMovie4M
                            ccbill said there's nothing they can do about it and it's up to the site owner to request a new htpasswd file each month to make sure non-paying members are removed.
                            It's been like this for a long time. If you have an outage or do a server move, you should contact CCBill to refresh your htpasswd file. We refresh our files every quarter as part of routine maintenance.
                            The Only Time When Success Comes Before Work Is In A Dictionary.

                            Did you ever notice: When you put the 2 words 'The' and 'IRS' together it spells 'Theirs.'

                            Comment

                            • VGeorgie
                              Confirmed User
                              • Nov 2008
                              • 359

                              #15
                              My experience with it is this:

                              * CCBill fails to remove about 3-5% of the usernames. Over time it adds up.

                              * I call it a BUG, even if CCBill is correct in saying it's our responsibility to ensure accuracy of the data on our servers. I'm fairly certain it's an issue on their end, not in my server, because I have uptime monitors up the wazoo for my server and it's seldom down. I check the Apache error logs daily and the scripts are running fine. In any case, their system should do more retries to delete the username. Their error.log notes when it can't.

                              * The stuck usernames seem to come in groups. I had a lot right after Christmas and New Years.

                              * For my membership, anyway, maybe 1/5 or 1/4 realize they can still access, and continue to log on. I can check because I use Strongbox which gives you a history of their logins.

                              * Some of my members actually do resubscribe later. I think a lot of people sign up for a month, leave, and come back a few months later to snag the updates. So it's worthwhile to ensure canceled members are removed, as it could mean a re-subscription down the road.

                              * I recorded a simple Word macro that compares the Active Member list that CCBill maintains and my htpasswd file. Takes just a few seconds to catch all the stragglers. You could do the same, or write a little PHP or Perl script or something that does it.

                              Comment

                              • XXXMovie4M
                                Confirmed User
                                • Sep 2008
                                • 359

                                #16
                                i just got them to send me the latest and greatest htpasswd file then i re-added all the members for the day to make sure i didn't miss anyone in the process.

                                Comment

                                • BFT3K
                                  Too lazy to set a custom title
                                  • Dec 2005
                                  • 10764

                                  #17
                                  I actually flagged 6 members JUST THIS WEEK for password sharing!

                                  Comment

                                  • NaughtyRob
                                    Two fresh affiliate progs
                                    • Nov 2004
                                    • 29602

                                    #18
                                    www.proxypass.com ftw.
                                    Skype: 17026955414
                                    Vacares Web Hosting - Protect Your Ass with Included Daily Backups

                                    Comment

                                    • AmeliaG
                                      Too lazy to set a custom title
                                      • Jan 2003
                                      • 10663

                                      #19
                                      It's a pain to regenerate your password file because there is no automatic way to do this with CCBill or Epoch. Globill had one, but that's not terribly helpful now. Heh.

                                      Epoch doesn't want to send out properly encrypted stuff, so the site owner has to blank the file, have users unhappy for a little while, set up an FTP for Epoch and have them put stuff in. Then use whatever CCBill emailed to append those users.

                                      I probably do this twice a year, but I would do it monthly, if it were less of a problematic workaround fix.
                                      GFY Hall of Famer

                                      AltStar Hall of Famer




                                      Blue Blood's SpookyCash.com

                                      Babe photography portfolio

                                      Comment

                                      • quantum-x
                                        Confirmed User
                                        • Feb 2002
                                        • 6863

                                        #20
                                        Originally posted by AmeliaG
                                        It's a pain to regenerate your password file because there is no automatic way to do this with CCBill or Epoch. Globill had one, but that's not terribly helpful now. Heh.

                                        Epoch doesn't want to send out properly encrypted stuff, so the site owner has to blank the file, have users unhappy for a little while, set up an FTP for Epoch and have them put stuff in. Then use whatever CCBill emailed to append those users.

                                        I probably do this twice a year, but I would do it monthly, if it were less of a problematic workaround fix.
                                        Hi Amelia.
                                        I recently did an Epoch migration within the last month, and that was not the case. They posted all members to a URL / script of my choice.
                                        PrettyInCash.com - BoozedGFs.com - TeenGFs.com - JizzGFs.com- MilfUploads.com -

                                        Comment

                                        • AmeliaG
                                          Too lazy to set a custom title
                                          • Jan 2003
                                          • 10663

                                          #21
                                          Originally posted by quantum-x
                                          Hi Amelia.
                                          I recently did an Epoch migration within the last month, and that was not the case. They posted all members to a URL / script of my choice.


                                          I use Epoch's script to manage Epoch members. If I want to refresh a password file and they won't email the encrypted passes, what would a URL post be like?
                                          GFY Hall of Famer

                                          AltStar Hall of Famer




                                          Blue Blood's SpookyCash.com

                                          Babe photography portfolio

                                          Comment

                                          • Ladyboy King
                                            Confirmed User
                                            • Nov 2008
                                            • 215

                                            #22
                                            What ways can you keep track of stuff this way? Anyone care to break it down for someone who doesn't know how to check this?
                                            I'll make you feel dirty and 13.7% gay.
                                            XXX - All your ladyboys are belong to me!

                                            Comment

                                            • quantum-x
                                              Confirmed User
                                              • Feb 2002
                                              • 6863

                                              #23
                                              Originally posted by AmeliaG
                                              I use Epoch's script to manage Epoch members. If I want to refresh a password file and they won't email the encrypted passes, what would a URL post be like?
                                              Ask for a copy of their 'Epoch Client Controller' script. It writes to a file or database of your choice. They will quite happily repost all the UN/PWs to it.
                                              PrettyInCash.com - BoozedGFs.com - TeenGFs.com - JizzGFs.com- MilfUploads.com -

                                              Comment

                                              • pornpf69
                                                Too lazy to set a custom title
                                                • Jun 2004
                                                • 15782

                                                #24
                                                Originally posted by Ladyboy King
                                                What ways can you keep track of stuff this way? Anyone care to break it down for someone who doesn't know how to check this?
                                                you can always use some password sharing detection scripts to avoid those "permanent" users from sharing their passwords...

                                                Comment

                                                • VGeorgie
                                                  Confirmed User
                                                  • Nov 2008
                                                  • 359

                                                  #25
                                                  Originally posted by pornpf69
                                                  you can always use some password sharing detection scripts to avoid those "permanent" users from sharing their passwords...
                                                  This doesn't help remove the once-valid subscribers who are now able to access for free.

                                                  The best thing to do is either have the password file regenerated, or compare active members to the ones in your htpasswd file. Those usernames in htpasswd that aren't on the active member list can be manually removed.

                                                  I do the compare with a Word macro, but any script junkie can create a grep shell command and you can probably do it right on the server.
                                                  Last edited by VGeorgie; 03-14-2010, 07:46 PM.

                                                  Comment

                                                  • NemesisEnforcer
                                                    Confirmed User
                                                    • Aug 2003
                                                    • 2122

                                                    #26
                                                    Originally posted by XXXMovie4M
                                                    i just got them to send me the latest and greatest htpasswd file then i re-added all the members for the day to make sure i didn't miss anyone in the process.
                                                    It's easier if you give them the FTP info and they will do it for you.
                                                    The Only Time When Success Comes Before Work Is In A Dictionary.

                                                    Did you ever notice: When you put the 2 words 'The' and 'IRS' together it spells 'Theirs.'

                                                    Comment

                                                    • XXXMovie4M
                                                      Confirmed User
                                                      • Sep 2008
                                                      • 359

                                                      #27
                                                      Originally posted by VGeorgie
                                                      This doesn't help remove the once-valid subscribers who are now able to access for free.

                                                      The best thing to do is either have the password file regenerated, or compare active members to the ones in your htpasswd file. Those usernames in htpasswd that aren't on the active member list can be manually removed.

                                                      I do the compare with a Word macro, but any script junkie can create a grep shell command and you can probably do it right on the server.

                                                      the word macro sounds like a good idea. especially for the owners with multiple cc processors.

                                                      i'm pretty handy with word so can you give some details about the macro?

                                                      Comment

                                                      • SBJ
                                                        So Fucking Fabulous
                                                        • Apr 2003
                                                        • 11387

                                                        #28
                                                        yup I checked mine for the first time in a very long time and found 30 some extra users in there that weren't removed..

                                                        I wonder why they can't report or catch when the user is not removed.. I mean whenever there is a "User Management post error (JPOST)" they send you an email to have you re-add the user that didn't get added correctly so why can't there be the same type of warning for this?

                                                        But yeah for sure it's a good idea to once a month or at least quarterly request an updated pass file for your sub accounts to keep this in check

                                                        Comment

                                                        • XXXMovie4M
                                                          Confirmed User
                                                          • Sep 2008
                                                          • 359

                                                          #29
                                                          Originally posted by Ladyboy King
                                                          What ways can you keep track of stuff this way? Anyone care to break it down for someone who doesn't know how to check this?
                                                          unless you get ccbill to do it, you pretty much have to do it manually. from the ccbill admin, get a list of all the current members:

                                                          reports>members>active members

                                                          from there, select active recurring, cancelled/single, manual adds, and test sign-ups.

                                                          once you generate the report, you should have the same number of usernames that are in your htpasswd file located in the cgi-bin folder.

                                                          you can either have ccbill generate a new htpasswd file and email it to you so you can upload it to your server, you can have them do it for you by giving them ftp access or you can remove the usernames one by one from the htpasswd file.

                                                          Comment
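The comparison described in posts #25 and #29 (usernames in htpasswd that are not on any active-member list), as an added shell example; it is not code from any poster or from CCBill. It assumes each processor's active-member export has been saved as plain text with one username per line, and the function names, file names and sample users are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit an Apache htpasswd file against active-member exports.
# Assumption: each export is plain text, one username per line.

# Print the unique usernames in an htpasswd file (text before the first ':'),
# skipping blank lines and '#' comment lines.
htpasswd_users() {
    tr -d '\r' < "$1" |
        awk -F: '/^[ \t]*$/ || /^[ \t]*#/ { next } { print $1 }' |
        LC_ALL=C sort -u
}

# Print the unique usernames from one or more exports. Pass one export per
# billing processor so members of another processor are not flagged.
active_users() {
    cat "$@" | tr -d '\r' | awk 'NF { print $1 }' | LC_ALL=C sort -u
}

# compare_users -23|-13 HTPASSWD EXPORT...
#   -23: names only in htpasswd; -13: names only in the exports.
compare_users() {
    _flag=$1; _ht=$2; shift 2
    _a=$(mktemp); _b=$(mktemp)
    htpasswd_users "$_ht" > "$_a"
    active_users "$@" > "$_b"
    LC_ALL=C comm "$_flag" "$_a" "$_b"
    rm -f "$_a" "$_b"
}

# Users who still have access but are on no active list.
stale_users()   { compare_users -23 "$@"; }

# Active members who are missing from htpasswd (failed adds).
missing_users() { compare_users -13 "$@"; }

# write_pruned HTPASSWD OUTFILE EXPORT...
# Write a copy of HTPASSWD without the stale users; the original is untouched.
write_pruned() {
    _src=$1; _out=$2; shift 2
    _stale=$(mktemp)
    stale_users "$_src" "$@" > "$_stale"
    ( umask 077   # the copy holds password hashes, keep it private
      tr -d '\r' < "$_src" |
          awk -F: -v list="$_stale" '
              BEGIN { while ((getline u < list) > 0) drop[u] = 1 }
              !($1 in drop)' > "$_out" )
    rm -f "$_stale"
}

# Constructed sample data: five htpasswd entries with placeholder hashes,
# a CCBill export with Windows line endings, and a second processor's export.
make_sample() {
    cat > "$1/htpasswd" <<'EOF'
alice:$apr1$CONSTRUCTED$placeholderhash000001
bob:$apr1$CONSTRUCTED$placeholderhash000002

carol:$apr1$CONSTRUCTED$placeholderhash000003
dave:$apr1$CONSTRUCTED$placeholderhash000004
erin:$apr1$CONSTRUCTED$placeholderhash000005
EOF
    printf 'alice\r\ncarol\r\nfrank\r\n' > "$1/ccbill_active.txt"
    printf 'erin\n' > "$1/other_active.txt"
}

demo() {
    _d=$(mktemp -d)
    make_sample "$_d"
    echo "in htpasswd but not active (remove these):"
    stale_users "$_d/htpasswd" "$_d/ccbill_active.txt" "$_d/other_active.txt"
    echo "active but missing from htpasswd (re-add these):"
    missing_users "$_d/htpasswd" "$_d/ccbill_active.txt" "$_d/other_active.txt"
    rm -rf "$_d"
}

# Run the demo only when asked: sh audit.sh demo
if [ "${1:-}" = "demo" ]; then demo; fi
```

Review the output of `write_pruned` before swapping it in for the live file, and run the audit with every processor's export at once, otherwise members billed elsewhere show up as stale.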

                                                          • XXXMovie4M
                                                            Confirmed User
                                                            • Sep 2008
                                                            • 359

                                                            #30
                                                            Originally posted by SBJ
                                                            yup I checked mine for the first time in a very long time and found 30 some extra users in there that weren't removed..

                                                            I wonder why they can't report or catch when the user is not removed.. I mean whenever there is a "User Management post error (JPOST)" they send you an email to have you re-add the user that didn't get added correctly so why can't there be the same type of warning for this?

                                                            But yeah for sure it's a good idea to once a month or at least quarterly request an updated pass file for your sub accounts to keep this in check
                                                            good point, there should be some kind of check for this. i guess they don't look at it as a problem because it's not like ccbill is going to get a chargeback if someone isn't removed.

                                                            Comment

                                                            • ArsewithClass
                                                              So Fucking Banned
                                                              • Mar 2007
                                                              • 7957

                                                              #31
                                                              Originally posted by XXXMovie4M
                                                              last year i was looking up a password trader and discovered that he had cancelled over a year earlier but his username was still in the htpasswd file!!! so not only did he have free access for over a year, he was generous enough with his good fortune that he shared it with a bunch of his buddies!


                                                              check your shit!
                                                              I have also noticed passwords left in my files, but omg, nightmare for you that it was a wanker that wants to give your content away also! Sorry to hear this.

                                                              Thanks for the info of asking them to renew the password files.

                                                              Comment

                                                              • livecarlo
                                                                Confirmed User
                                                                • Jul 2009
                                                                • 123

                                                                #32
                                                                Originally posted by SBJ
                                                                yup I checked mine for the first time in a very long time and found 30 some extra users in there that weren't removed..

                                                                I wonder why they can't report or catch when the user is not removed.. I mean whenever there is a "User Management post error (JPOST)" they send you an email to have you re-add the user that didn't get added correctly so why can't there be the same type of warning for this?

                                                                But yeah for sure it's a good idea to once a month or at least quarterly request an updated pass file for your sub accounts to keep this in check
                                                                Zombaio has this feature right on your control panel's homepage. It displays adds and removals and even shows you how many milli-seconds it took to perform the operation.
                                                                Filipina Hardcore \|/ Zombaio - Payment Processing at 4.9% \|/ TrafficHolder.com - Buy/Sell Adult Traffic

                                                                Comment

                                                                • ArsewithClass
                                                                  So Fucking Banned
                                                                  • Mar 2007
                                                                  • 7957

                                                                  #33
                                                                  Originally posted by andrej_NDC
                                                                  Those members cancelled their memberships...what makes you think they would all re-join? None of them would.
                                                                  What??? I have lots of members join then cancel straight away to join again a cpl of months later once they have a load of the latest new content. Lots of members cancel and return!

                                                                  if you find they don't, then your content cannot be what they were looking for in the first place.

                                                                  Comment

                                                                  • raymor
                                                                    Confirmed User
                                                                    • Oct 2002
                                                                    • 3745

                                                                    #34
                                                                    I've added to our TODO list building a system that makes this easy, or even better automatic, for you guys.
                                                                    For historical display only. This information is not current:
                                                                    support@bettercgi.com ICQ 7208627
                                                                    Strongbox - The next generation in site security
                                                                    Throttlebox - The next generation in bandwidth control
                                                                    Clonebox - Backup and disaster recovery on steroids

                                                                    Comment

                                                                    • andrej_NDC
                                                                      Registered User
                                                                      • May 2004
                                                                      • 7760

                                                                      #35
                                                                      Originally posted by ArsewithClass
                                                                      What??? I have lots of members join then cancel straight away to join again a cpl of months later once they have a load of the latest new content. Lots of members cancel and return!

                                                                      if you find they don't, then your content cannot be what they were looking for in the first place.
                                                                      I know they join later...but by that time, they don't know their membership might be still valid. As already said, just a few will re-check later with their old password. Most will just re-join.

                                                                      Comment

                                                                      • bjlover
                                                                        Confirmed User
                                                                        • Nov 2006
                                                                        • 514

                                                                        #36
                                                                        Originally posted by ArsewithClass
                                                                        What??? I have lots of members join then cancel straight away to join again a cpl of months later once they have a load of the latest new content. Lots of members cancel and return!

                                                                        if you find they don't, then your content cannot be what they were looking for in the first place.
                                                                        How would you know arsewithaids? You admitted only getting 5 sales including rebills a month you dirty lying shitbag
                                                                        Arsewithclass has models who claim he wont pay them. Read his pathetic excuse here http://www.gfy.com/showpost.php?p=17...&postcount=102

                                                                        Comment

                                                                        • CyberHustler
                                                                          Masterbaiter
                                                                          • Feb 2006
                                                                          • 28739

                                                                          #37
                                                                          Originally posted by bjlover
                                                                          arsewithaids
                                                                          Not called for
                                                                          “If you can convince the lowest white man he’s better than the best colored man, he won’t notice you’re picking his pocket. Hell, give him somebody to look down on, and he’ll empty his pockets for you.”

                                                                          Comment

                                                                          • seeandsee
                                                                            Check SIG!
                                                                            • Mar 2006
                                                                            • 50945

                                                                            #38
                                                                            so check if you want and don't if you don't want
                                                                            BUY MY SIG - 50$/Year

                                                                            Contact here

                                                                            Comment

                                                                            • gmr324
                                                                              Confirmed User
                                                                              • Aug 2006
                                                                              • 1199

                                                                              #39
                                                                              1) Every Frog webmaster client ALREADY has THE solution to this problem now

                                                                              2) Frog has interfaces with most credit card billers that "outs" invalid usernames in the password file.

                                                                              3) This has been a feature in Phantom Frog since V1.0

                                                                              Discover more details here
                                                                              Last edited by gmr324; 03-15-2010, 02:36 PM.

                                                                              Comment

                                                                              • borked
                                                                                Totally Borked
                                                                                • Feb 2005
                                                                                • 6284

                                                                                #40
                                                                                Originally posted by XXXMovie4M
                                                                                when a membership expires the user is removed but if there is a problem with the connection then the user never gets removed.
                                                                                You will find a LOT of problems like this, 3rd party membership/affiliate tracking software included. Solution is to make sure your site (at least your postback site) is up 24/7/365 and that your connection to biller is foolproof.

                                                                                Neither is going to happen.

                                                                                I recently put in some custom member tracking stuff for a client, and this was the entire reason I added "expires" in the mysql table and have the biller postback update that field when the member renews. It's a "my glass is half full" situation since either you allow members to go on indefinitely when there is a network problem (i.e. they are not expired) or you get members that are expired because their renew postback didn't go through. I opt for the latter... since a member will complain if they don't have access when they should have whereas the reverse is never true.

                                                                                For coding work - hit me up on andy // borkedcoder // com
                                                                                (consider figuring out the email as test #1)



                                                                                All models are wrong, but some are useful. George E.P. Box. p202

                                                                                Comment
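
Added example, not code from post #40 or from any biller: one way to combine the "expires" column described there with a full rewrite of the password file, so a lost renewal postback fails closed and stale lines drop out at the next rebuild. SQLite stands in for MySQL; the table layout, function names and hash strings are assumptions or constructed values. It also assumes this table is the only source of users for the file, since a full rewrite removes anything another biller put there.

```python
import os
import sqlite3
import tempfile

def open_db(path=":memory:"):
    """SQLite stands in for the MySQL table; the column layout is an assumption."""
    db = sqlite3.connect(path)
    db.execute("CREATE TABLE IF NOT EXISTS members (username TEXT PRIMARY KEY,"
               " pw_hash TEXT NOT NULL, expires INTEGER NOT NULL)")
    return db

def handle_postback(db, username, pw_hash, paid_until):
    """Join or renewal postback: create the row, then push 'expires' forward.
    MAX() keeps a replayed or out-of-order postback from shortening access."""
    db.execute("INSERT OR IGNORE INTO members VALUES (?, ?, 0)", (username, pw_hash))
    db.execute("UPDATE members SET pw_hash = ?, expires = MAX(expires, ?)"
               " WHERE username = ?", (pw_hash, paid_until, username))
    db.commit()

def active_members(db, now):
    """Only rows whose paid period has not run out; no removal postback needed."""
    return db.execute("SELECT username, pw_hash FROM members WHERE expires > ?"
                      " ORDER BY username", (now,)).fetchall()

def rebuild_htpasswd(db, path, now):
    """Rewrite the whole file from the table and return the usernames dropped."""
    old = set()
    if os.path.exists(path):
        with open(path) as fh:
            old = {line.split(":", 1)[0] for line in fh if ":" in line}
    rows = active_members(db, now)
    # Write a temp file in the same directory, then rename over the live file,
    # so the web server never sees a half-written password file.
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(os.path.abspath(path)))
    with os.fdopen(fd, "w") as fh:
        fh.writelines(f"{user}:{pw_hash}\n" for user, pw_hash in rows)
    os.chmod(tmp, 0o640)  # assumption: the web server reads the file via its group
    os.replace(tmp, path)
    return sorted(old - {user for user, _ in rows})

if __name__ == "__main__":
    db = open_db()
    handle_postback(db, "alice", "$apr1$constructed$hashA", 2000)  # constructed rows
    handle_postback(db, "bob", "$apr1$constructed$hashB", 1000)
    handle_postback(db, "alice", "$apr1$constructed$hashA", 3000)  # alice renews
    target = os.path.join(tempfile.mkdtemp(), "htpasswd")
    with open(target, "w") as fh:
        fh.write("alice:old\nbob:old\n")  # constructed file contents before the rebuild
    print(rebuild_htpasswd(db, target, now=1500))  # bob's renewal never arrived
```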
