Paysite owners: What's your IP threshold?
 

Those of you who run IP tracking software like Pennywize or whatever, what do you set your unique IP limit to before the user is suspended? Just curious. I have mine set to 10 and was wondering if that might be too high. And do you explicitly tell the surfer that "You have X number of unique logins"?

beleive ours is set to 5

5 here as well, but no Pennywise... we use PWSentry..!

proxypass... its set to 5 i believe, and has caught more shit than pwsentry or pennywise ever caught. bandwidth usage is down & joins are up.

5

15, if i had it set at 5 about 25% of my subscribers would be blocked.

Even with pennywize im having trouble with people hacking accounts, even my own personal user/pass was hacked. Everythings chmodded correctly so i dont know whats up or what else to do.

I've got it set at 10

What is special about proxypass that makes it that much more effective than Pennywize or PasswordSentry? Don't they all just keep track of unique IP's that are associated with a given login/pw?

i have no idea. all i know is its catching more from day one...

I use ProxyPass. It was set to 7, but I've lower it to 5 and it seems to be working well there.

I have mine between 10-20.

10

If only it were that simple.
With Strongbox we set parameters for the number
of unique ip _RANGES_ in a two hour period if none
of the ips are proxies,
the number of unique ip ranges in a 48 hour period if none
are proxies, the number of different countries those IPs
can be from in a 2 hour period and a 48 hour period, and then
ll of those same settings if any of the IPs are open proxies,
then again the same settings if some are AOL proxies.

I don't think it's possible to come up with a single number
tjhat would be at all effective with a system like Pennydumb
and indeed when we install Strongbox to replace Pennydumb
on a site we generally see about 10-20 usernames
get busted that Pennydumb hadn't detected within the first 48 hours.

I had ours set to 10 a long time ago for about 3 days and i was getting 50 emails a day from AOL users saying they are blocked.
AOL users get a different ip every time they login. Hardcore porn surfers might login to your site 20-30 times in a day...you will lose money with that setting i think.

Pennywize does the job detecting who's gotten in, but it doesn't do as well preventing them from getting in. Its brute force attack protection algorithm is rather simplistic. In this age of open proxy servers counting an IPs 401 requests against a threshold just doesn't cut it.

That about sums it up, however, different systems track different IP ranges. Pennywize, for example, tracks Class C subnets (ie. 1.1.1.*). Since many larger ISPs own multiple Class C IP blocks unless you set your thresholds rather high, you'll get false positives.

Our own system, PureMember, tracks slightly larger IP ranges so we've set our default threshold to 2 without any problems.

Shinjin
puremember.com

On Iprotect we ban when more than 3 different Class C IP try the same username