Freeloaders!
 

I'm new to the board, but not to the biz.

I got a chargeback from a member subscription. When I checked the logs, I found that the user/pass was being used from multiple domains and IPs so I began digging. I found a listing on a bulletin board where the user/pass had been posted, along with several thousand others.

After some more digging, I found a few other BBS systems where other (current) passwords were also listed. Basically it amounted to almost half the traffic on the site was coming from freeloaders.

I've now started recoding part of the site to alert me when members login from more than a reasonable number of IPs or domains, or if I get logins to an account from countries other than the country where the membership is registered.

How do you guys deal with this problem? Is there a simpler way? I realise that slipping out free passes now and then can only be good advertising, but a lot of the people using these BBSs will never convert.

Oh, one last question: Can anyone recommend a good target site for popup hell that I can redirect these freeloaders to? Preferrably one that has NO exit loop!!! :BangBang:

Your thoughts appreciated.

Why dont you use something like Pennywize?

Next time post url's,please

one simpler solution would b using mixture of numbers and words that dont equal one.

like Q2dd3fc

some shit like that, remember they are brute forcing u most of the time, and the way one works is it uses huge txt files full of word + mixed words + tons of combination between letters and numbers.

a complex pass is harder to crack.
and the ones that arent brute forcing are cc frauding your site. and most cc fraud probly comes from a country like russia or china, redirect those people off your site using a geo target script.

that should solve some problems without in need of a major expensive script.

i can put you in touch with a collection agency that may be able to helpif it ends up as a chargeback (refund); you have to have your own merchant account however. you would have to talk to the guy and explain your situation but the great thing about this company is that you can put "unpaid" funds (loss of debt) for the person in question against his credit report cause they deal with experian (and when a credit request is made, the 3 important companies are experian, trans union and equifax).

they also deal with customers who are international. they leave no country untouched.

see what we have to resort to because of scum customers?!!?!

if you want this company's info, icq me. that goes for anyone else as well.

btw i believe they can go back as far as 7 years. i know for some who have lost a merchant account, it doesnt do much but the pure satisfaction that this will end up on a persons credit report which could prevent them from say, ever buying a house, seems justified.

Just to let you know you are new to the biz also from your thread.

Thanks guys.

The URL of the first one I found is http://austin.axg.net - take a look at the "Chickz" forum

I'll post the others up when I get chance, I have other fish to fry at the moment.

Thanks for the info on pennywize, but they don't do much more than I can do myself in PHP/MySQL, and without the overhead of a monthly payment to them. A few machine cycles on a high bandwidth server isn't a big deal, especially when it has access to the info already from the current logon and doesn't need to do much in the way of reverse lookups.

Metaman: Good idea, unfortunately the user/pass setup is all done by Verotel. I'm changing the scripting from that point of view so that users can change the pass when they need to which will allow me to enforce more secure passwords.

I did a lot of digging into the chargeback - the account was used from a kinkos (twice) and then started hitting the lists so I'm guessing that the card number was probably stolen, although it was probably a family member since they had to get at the security number on the card. I'm not going to chase that one too hard, but I am still digging through the lists to find out where auston.agx.net got it from since it was being hit before it was posted there.

Triumph: All depends on your point of view now, doesn't it?

:1orglaugh

Get a copy of Iprotect. It compiles into Apache and solves all your password troubles.

http://www.digital-concepts.net/cgi-iprotect.html

Another freepass forum for you:
http://invisionfree.com/forums/XxXisrapass_forum

welcome to 1950 !!

dude .. this problem is not new

you could not come anywhere posting passboards here

make your site unbrute forcable at all
and use pennywize style something...

He he he ... I would have to wonder about their skills.
Look at the date on your given link. (at the top in yellow)
They still haven't fixed their Y2K bugs. :thumbsup

Check http://www.pennywize.com it is not that
expensive and you can redirect the naughty
hackers to any url you want.

:glugglug

True. The guy who writes all the software (Chris) is a pretty busy guy. I don't even think he actively promotes this site anymore. I do however know that he is one of the smartest programmers I've ever dealt with.:2 cents:

http://www.addis-welt.de/smilie/smil...d/welcome1.gif to GFY Pauper!!!:321GFY