Password traders/brute force...
 

I'm looking for scripts that combat those, I've heard of Pennywise, just before I choose I would like some feedback on what you use and why =)

Pennywize is what I use.

I'd caution you though, if you plan to use members.sitename.com pennywize will not be 100% effective..

Nope, at the moment it's just http://www.site.com/members_randomstring/ =)

Do you use the free version or the pay?

Why is that? =)

coupla lines of code should do the trick...

I code (ASP & VBScript) all of the anti-fraud, maybe I'm paranoid.

I'm sure you could do something in PHP or PERL if yer not a windows fan.


If you don't code, I'm sure someone on GFY will be happy to offer their respective services.

Yes, I'm looking for a premade script...Pennywise is looking nice as it also offers member usage stats as well.

Kinda curious on this password centry tho, a one time fee as opposed to a montly would be nice =)

pennywize works, go ahead and signup and dont think about it anymore...set your subnets to 10 and you should be all set.

:glugglug

I've signed up, just trying to decide if it is worth it to upgrade to the paid membership now =)

LOL, exactly how does it work better than pennywize?

The free version of pennywize seems to do pretty much the same thing sentry does...

We use StrongBox on all our pay sites and it rocks :)
send an email to Ray if you want to know more about it [email protected]

If you want the best use: http://www.proxypass.com/ :2 cents:

Those passwords thingies scare me; always hearing about cases where they fucked innocent surfers.

Besides, if you think about how they work, they don't, really. If a hacker launches a brute force from 2,000 proxies (I get these all the time) letting it fail on the apache username doesn't eat up a whole lot more cpu than Pennywise or whatever.

Me, I never worry about it. I average about a million break in attempts a day it seems but it doesn't seem to cause any problems, and with those impossible to guess CCBill passwords there isn't a chance in hell of getting in.

Anybody running a brute force attack these days is a stupid moron, not tooo many sites let you choose your own password anymore.

Also take a close look at Stop That Hacker http://www.stopthathacker.com

It's been around a long time and works great!

Most high speed proxie attacks use the faster HEAD request and Stop That Hacker stops 100% of all HEAD requests before Apache even reads the htpasswd file.

Hugs,
Danielle

My site used to get hacked a lot, but not since I started using Pennywize..:glugglug

Only one solution......

:ak47: :ak47: :ak47:

Phooey...I can't modify my httpd.conf file for pennywise...Someone suggested that .htaccess could probably handle what they need done.

Anyone heard of this?

Password sentry works well for suspending abused passwords
And only has one time license fee.
Been using it on our sites for 18 months and it's never let us down.

Random passwords are a must, but don't help you when your billing company gets hacked and all your un-encrypted passwords get out. Yes it happens don't be so naive!

None of these programs are 100 percent going to solve all your probs, but can save mega bucks in bandwidth.

Pennywise is a waste of money in my opinion.
Also tried RCP but to many probs banning normal member activity.

Password sentry rocks
and first class support from Dan.

Sentry runs completely on your own server and has an easy to use admin interface.
You are also able to manage your htaccess and password file directly from the sentry admin. The admin gives you plenty of information on what ip?s are accessing with each user:pass, referring urls and a built in feature to resolve ip's so you can quickly make a decision if the password is abused or a member is on an non-static ip ?dialup false alarm? you can also set passwords to be exempt from suspension if required.
Also has an email feature to send alerts directly to your mailbox.
Worth every cent.