Pennywize Questions
 

I Pennywized 4 of my sites last week and so far it is working pretty well. Judging from what I see now I would say that perhaps as much as 50% of my bandwidth was being used by stolen traffic. The brute force blocking has helped cut down the number of compromised new ID's as well.

The question is - If you are on the 399 login per day plan and you get 400 logins what happens? Does it cease to work until the next day?

If you actually have 399 members logging in in a single day, can't you just afford the $170 unlimited plan?

SpaceAce

Shoplifter, is this the first time used used a script or package to protect against password trading, or is Pennywise replacing another solution on your box and works that much better than the previous script..?

this can be answered on the pennywize page.

pennywize still functions but doesnt block access i believe.

Actually I went to upgrade plans but the only option is to buy a complete new plan and not merely upgrade the one I have had for only 4 days. My logins are at about 420 or so a day.

Pennywize is my first. I have been under brutal attack from the Korean BBS crew for the past couple weeks.

I fail to see how Pennywize is worth the supposed extra benefit you would gain from using it. Surely there are free, basic things you can do yourself to bring password traders to their knees.

Three free methods I use which I am happy to share are:

1. Have a form which prompts people for their username before they are taken to the a page with a link to the htacess protected part of the site, this stops most brute force scripts dead.

2. Use simple cookies on the main members page which are required to see the page. More than one login from a single IP results in the cookie being invalidated.
A few lines of php and a mysql database are all that are required for this.

3. Fairly obviously, keep all your scripts for username & password generation safe. make sure proper file permissions are applied to these scripts and they are not stored in obvious places. if your processor (many do) lets you rename the add user cgi then use a name which is difficult to guess.

These methods are free and have prevented my sites from being abused by password traders.

if you want some help in dealing with the situation i can give you some pointers...

icq me
93437521

#1 is basically useless....just ask AB :2 cents:

If it stops most password scripts which, judging from watching my logs daily, it does then it's not useless.

Anyway it's just one of a number of things you can do to minimise the chance of being raped by script kiddies.

The main benefit of Pennywize in my case was that I could set it up in 10 minutes with no significant alterations to my sites. I'm going to study what happens for a little while and then see what I can do.

I know of a few sites that are now using DMR licenses for their movie files....I'm thinking along these lines to completely control content access even after media is downloaded. One site I have been watching now grants 3 day licenses only for each WMV file.

Hey Shoplifter

Just chat to Steve @ Pennywize

I am sure you can just pay the difference by paypal or something - or he will probably just even give you free time.


Robert.

#2 means that your site will not work with dynamic proxies including AOL