CCBill .htaccess nightmare
I decided to reconcile my password files on some sites.
Knowing how things work I assumed there would be some bogus users in there, and in fact I found about 10. Not bad, for a year, but more than I thought I would find. It's not really CCBill's fault in my view (shit happens) but they should provide a tool to help reconcile the file - I ended up spending hours extracting users from CCBill reports, loading into mysql, and joining on .htaccess. Way too much work, but I'm going to do it occasionally from now on. If you have a paysite there is a good chance you have some expired users also with lifetime free access; you might want to take a look. |
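The reconciliation described in the post above, sketched as an added example that is not part of the original thread and is not a CCBill tool: it compares the usernames in an htpasswd-style password file against a billing export and reports the mismatches. The CSV column names (`username`, `status`), the `allowlist` parameter and all sample data are assumptions constructed for illustration.

```python
import csv
import io

# Constructed sample data; the CSV column names are assumptions, not CCBill's format.
HTPASSWD = """\
# managed by billing script
alice:$apr1$constructed$hashA
bob:$apr1$constructed$hashB
mallory:$apr1$constructed$hashC
staff:$apr1$constructed$hashD
"""
BILLING_CSV = """\
username,status
alice,active
bob,expired
carol,active
"""

def htpasswd_users(text):
    """Usernames from 'user:hash' lines, skipping blank and '#' comment lines."""
    users = set()
    for line in map(str.strip, text.splitlines()):
        if line and not line.startswith("#") and ":" in line:
            users.add(line.split(":", 1)[0])
    return users

def billing_status(csv_text):
    """Map username -> status; an 'active' row wins if a user appears twice."""
    status = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        user, state = row["username"].strip(), row["status"].strip().lower()
        if status.get(user) != "active":
            status[user] = state
    return status

def reconcile(htpasswd_text, csv_text, allowlist=()):
    """Classify mismatches; allowlist holds accounts added by hand on purpose."""
    in_file = htpasswd_users(htpasswd_text) - set(allowlist)
    status = billing_status(csv_text)
    active = {u for u, s in status.items() if s == "active"}
    return {
        "expired_with_access": sorted(u for u in in_file if u in status and u not in active),
        "unknown_to_billing": sorted(in_file - set(status)),
        "active_without_access": sorted(active - in_file),
    }

if __name__ == "__main__":
    for kind, names in reconcile(HTPASSWD, BILLING_CSV, allowlist={"staff"}).items():
        print(f"{kind}: {', '.join(names) or '-'}")
```

Entries under `unknown_to_billing` are the ones worth investigating first, since they were never created by a sale.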
I'm afraid to look
:( |
Yes, a tool would be very nice.
|
I had a nightmare with a client we just set up with them on that too. Was like jumping through hoops to try and fix that shit
|
This may be a stupid question, but how did they get there?
Hacks or other? |
I had the same thing. Pennywize would disable a username for multiple accesses/different IPs but when I checked in CCBill, they weren't listed as a member.
Turns out that my CCBill script was sitting where it was easy to find and hackers were managing to hahahahahahaha the script and create fake accounts. The Tech on the phone had it fixed in like two seconds. Now my script is safely hidden in a randomly named directory that's about a billion characters long |
Since they brought out the newer J scripts, everything works great. Make sure that the old password file isn't still in an accessible directory or you can be sure it will be found and all those usernames will be hammered.
|
Everything on my server is as secure as you can get - the password file is not in the web tree, the ccbill script name is random, etc.
Be very afraid. |