Stolen Passwords How To Find Them and Prevent Them

I saw this thread: https://gfy.com/showthread.php?p=19861288 and was rather surprised by the responses. If you run a paysite, it's important to prevent stolen accounts and password abuse. Bandwidth isn't as expensive, but server load can be deadlier. Paying customers want a site that loads fast and downloads faster.

The basic solution is to purchase specialized software or program your own to detect stolen accounts and block them. Strongbox https://www.bettercgi.com/strongbox/ is often recommended. But what if you are just starting out and can't afford $269? Or you want more specific details? Or you do have a password solution but it isn't online yet and you need information NOW?

I'll show you what I did on Femjoy / Joymii to detect stolen accounts. I've shared this with other program owners and I invite you to share your methods so we can all learn.

1. Install Google Analytics and Track Your Member Pages

I'm constantly surprised how many program owners do not track their members area. You should do it now. You get really useful insight into your member behavior. Once we did, something was obviously amiss. We had 15X the number of uniques per day as we had members. For most paysites, your daily traffic should be 1/3 to 1/2 of your total member count.

2. Check Out Your Referrals

There are two places:

Real-Time -> Overview -> Top Referrals. Take this route instead of "traffic sources" because you can see the full URLs of where the incoming traffic is from. You can see the exact pages where stolen passwords and logins are posted.

and

Acquisition -> All Referrals. Go here to catch the rest, or the ones from the previous days. Referrals with low bounce rates mean working passes.

If at this point you can't afford Strongbox or your solution isn't ready yet, you can easily catch 95% of the stolen accounts by manually finding them in this manner and shutting them down. Most are reposts from the bigger forums, so taking down the ones posted on the big sites usually does the trick.

When you first start doing this, you'll only find a couple of accounts. Taking them down gives you breathing room for days. But then the number of stolen accounts starts increasing. If you are a medium size site, as you take down the stolen accounts, the hackers get more aggressive and post new accounts more frequently, to the point that manually doing this requires checking at regular intervals during your day. That's inefficient. So do this:

3. Get Strongbox or a Similar Solution

Get it. It's one of your best investments. You'll earn back the costs within a day if you are small-medium.

4. Google Your Site/Domain

Open an incognito window/private window in your browser. Go to Google and do a search of your site name and domain. If any pages with stolen passes for your site show up within the first 2 pages of results, DMCA Google immediately. Repeat the process for more refinement using "sitename.com passes", "sitename.com passwords", or something to that effect.

Here's what our member area traffic looked like before and after: http://img.ymlp.com/fire_stolenaccounteffects.jpg

Finally, here are some of the big password sharing sites/forums:

http://porn-w.org
http://dixvi.com
http://crackingforum.com
http://passlot.com
http://mygully.com
http://bugmenot.com

There is one other site, but I forgot the address because it uses "ganuurl.com" as the referral/redirect. I'll update this list once I remember.

Pretty much taking down your stuff from these sites will do the trick, and any that show up as pastebin or similar. SteveLightspeed had a comprehensive list from last year https://gfy.com/showthread.php?t=1066323 but you don't have to go through them every day. The most efficient way is to check where the majority of your traffic is coming from in analytics.

Best of luck
Excellent Michael
Quote:
I don't have GA in members areas, good idea though and I will install it.
Quote:
At the time, the programmers on our team were not analytics guys and not aware of the extent of the problem. They figured it was only a handful of stolen accounts. After the bad experience with the previous software, the development team decided to program an in-house solution, which was pushed back because it was deemed low priority.
I like password sentry and his customer service is second to none.
Quote:
Nice post Michael. If you're a webmaster and have never looked at your server traffic logs, I highly suggest you do. What you see may surprise you. Not only will you see passwords being shared but you'll also see brute force attacks of hackers/pirates trying to test known usernames and passwords.
thanks for the info.
Very interesting thread.
I definitely need to get GA into my members area. I have been noticing high server loads recently and maybe this is the cause. When you have time could you hit me up Michael, would love to talk some biz with you. Regards
Another one with stolen U/P here:
http://www.box.wixvi.com/2013/
Great thread. Thank youssssss to the OP. :thumbsup
What do we do if we run our sites on nginx?
Quote:
A properly written piece of software will not just look for multiple IPs, but also restrict login attempts. We do occasionally look at our server logs for abnormalities. For example, we discovered a backdoor was exploited a few months back. The hacker also attacked our friends at DDF so we shared the info and fixed the problem.
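As an added example (not code from this thread, Strongbox, or any other product named here), a small Python script that does offline what the original post and the reply above describe: it reads members-area access log lines in Apache combined format, counts the distinct client IPs each authenticated username is used from, tallies the external domains referring traffic into the members area, and counts repeated 401 responses per client IP. The log lines, addresses and the referrer domain are constructed for the example.

```python
import re
from collections import defaultdict
from urllib.parse import urlparse

# Constructed sample members-area access log in Apache "combined" format
# (RFC 5737 test addresses and an .invalid referrer domain; not real traffic).
SAMPLE_LOG = """\
198.51.100.10 - alice [10/Oct/2013:10:00:01 -0700] "GET /members/index.html HTTP/1.1" 200 5120 "http://passforum.invalid/thread/123" "Mozilla/5.0"
203.0.113.5 - alice [10/Oct/2013:10:00:09 -0700] "GET /members/vid1.mp4 HTTP/1.1" 200 90000 "http://passforum.invalid/thread/123" "Mozilla/5.0"
192.0.2.77 - alice [10/Oct/2013:10:01:30 -0700] "GET /members/index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.44 - alice [10/Oct/2013:10:02:00 -0700] "GET /members/set2/ HTTP/1.1" 200 4000 "http://passforum.invalid/thread/123" "Mozilla/5.0"
203.0.113.90 - bob [10/Oct/2013:10:03:00 -0700] "GET /members/index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.90 - bob [10/Oct/2013:10:03:05 -0700] "GET /members/set1/ HTTP/1.1" 200 4000 "-" "Mozilla/5.0"
192.0.2.200 - - [10/Oct/2013:10:04:00 -0700] "GET /members/ HTTP/1.1" 401 500 "-" "curl/7.30"
192.0.2.200 - - [10/Oct/2013:10:04:01 -0700] "GET /members/ HTTP/1.1" 401 500 "-" "curl/7.30"
192.0.2.200 - - [10/Oct/2013:10:04:02 -0700] "GET /members/ HTTP/1.1" 401 500 "-" "curl/7.30"
"""

# One combined-format line: ip ident authuser [time] "request" status bytes "referer" "agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[[^\]]+\] "[^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<ref>[^"]*)" "[^"]*"$'
)

def analyze(log_text, ip_threshold=3, fail_threshold=3):
    """Return (shared_accounts, referrer_hits, brute_force_ips) for the given log text."""
    ips_per_user = defaultdict(set)   # authuser -> distinct client IPs
    referrer_hits = defaultdict(int)  # external referring domain -> hits
    fails_per_ip = defaultdict(int)   # client IP -> number of 401 responses
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue                  # skip malformed lines instead of crashing
        ip, user, status, ref = m.group("ip", "user", "status", "ref")
        if status == "401":
            fails_per_ip[ip] += 1     # failed auth: candidate password-guessing source
        elif user != "-":
            ips_per_user[user].add(ip)  # authenticated request
            host = urlparse(ref).netloc
            if host:                  # "-" and empty referrers have no netloc
                referrer_hits[host] += 1
    shared = {u: len(s) for u, s in ips_per_user.items() if len(s) >= ip_threshold}
    brute = {ip: n for ip, n in fails_per_ip.items() if n >= fail_threshold}
    return shared, dict(referrer_hits), brute

if __name__ == "__main__":
    print(analyze(SAMPLE_LOG))  # ({'alice': 4}, {'passforum.invalid': 3}, {'192.0.2.200': 3})
```

The thresholds are illustrative; a site would tune them to its own traffic and feed the referring domains into the same takedown routine the original post describes.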
Quote:
That particular exploit is fixed, as well as a few others when we had a tech security team in to service our servers. So Ladida brings up a good point: by the time you reach 500 members, invest in backup systems immediately. Get them as soon as you can afford it, but at 500, you have no reason not to. But that is a topic for another thread with someone with more knowledge about that. :)
Ask Teencat... he knows how to hack them, and how to prevent them.