Members area security?
 

what do you use to protect vs brute force and password sharing?

Pennywize?
STH?
other?

Pennywize seems to be the most used.

hi Merrioc

If you would like to try Pennywize free, just jump on the website and sign up. Give me a yell and i'll make sure one of my tech guys does the installation for you ASAP.

Thanks,


Steve

MemLogin from Paysite Powertools and iProtect

proxypass seems to be one of the best

I buillt my own, its the best :)
(see sig)

Hi, I emailed you twice asking for a trail and got no answer about two weeks ago.:(

Check out iprotect. It's pretty cool. Lots of features.

Compiles directly into Apache and you don't get charged on a per member basis. The license also allows use on multiple servers.

http://www.digital-concepts.net/cgi-iprotect.html


Well worth it.

Strongbox is a whole new approach that is WAY above and beyond
anything like Pennywize.
Not only does it keep the hurlers from getting in, but it discourages
them from even continueing the attack and slowing your server.
It protects from hurlers (brute force attacks), password sites, and various
other evils.
Unlike PennyWize, Password Sentry, or other old fashioned approaches,
Strongbox is 100% compatible with the latest versions of Microsoft Media
Player.
All that, and the price is definitely right.
Several of the well know members of this board, TLA's, and
GFY use it on all of their pay sites and swear by it.

For more information, see:
http://webmastersguide.com/?htaccess-cgi/strongbox/

Mostly I see people using Pennywize although iprot is also getting a few more users these days.

Password Sentry all the way!

i see this posted every week or 2..

We used Pennywize for our sites, very good stuff, nothing bad to say about it, but now we use our own protection :thumbsup

I run sites like http://www.hegre-archives.com and http://www.galitsin-archives.com and they are under constant brute force attacks. I have tried all the programs out there and there is no doubt about which one is the best....its proxypass

look here:
http://www.proxypass.com/

the problem with the other once...including pennywize is that they are to slow to stop the heavy attacks before the server(s) goes red and the surfers gets pissed. Before i started using proxypass hackers managed to halt the servers many times....after proxypass....it has never happened :-)

...and one more thing...proxypass works perfect with load balanced systems

:thumbsup

galitsin :thumbsup

http://www.galitsin-archives.com/notd/notd_large_30.jpg

personally, i have written my own custom mod_perl module to do authentication and i handle this stuff in there with mysql tables.

if you are looking something to stop heavy load there is this great product you can buy which is a hardware box that will stop the hit from hitting your server like a firewall. its very advanced and very awsome.

its called v-secure netprotect vrom arces

www.arces.com

I use pennywize for my paysite and program...

Virtual solution's Sentry!:thumbsup

We create own protect software.
If you have programmer in team, it will do it in 2 days maximum.

I think im going to go with pennywize when I get my paysite up.
But we'll see.

tried pennywize
um great product does the jobs, waste my traffic. I want more control based on the user name what I do with it (IE known password list thats prolific redirect, common AOLer let me unban bruteforce redirect to all over the place :Graucho ) can't do that with your product.



I tried "stop that hacker" hated it cause it deleted the user and pass from the .htpasswd file, which sucked when it was someone on an AOL proxy.

wrote my own... got the password sharing stopped nicely plus I utalize the traffic rather then just going to a block page.

bruteforce, use an apache mod, but I may be looking for a custom solution from someone.

thanx for all the feedback at least I know I'm on the right track

As a strongbox user i'd recommend it to anyone.
Strongbox rules! :thumbsup
Instead of vulnerable patch ups, strongbox throws in a unique crypto solution which identifies 'bad folk' and takes action accordingly.
It runs on your own server, no montly fees and cool reports!
'Brute force attacks' , 'password sharing' , "referer spoofing" , 'slurping' , "attacks from open proxies" , you name it ,it aint hurting me!

Totally Agree! Great Script! Great Guy :thumbsup

exactly
www.pregnantschool.com/members/