*** Site Security Question ***
 

Why would a refering URL show up in my stats like this...

http://username:[email protected]/members/video/


(user/pass/domain was changed for this example)

Thanks,
Bill

:helpme

EDITED: Was thinking of something else, sorry.

all that I've seen on password sites look like that

That's what I thought, but of course the member denies any wrongdoing or trading. I wish there was a method to find which site it was on...

check your server logs..

I think that can be determined. I know in my webair stats I can view referrers to certain URLs. I think so anyway. There should be a way you can find that out.

try googling it...Slight chance but worth a shot...

Already did, that's where I found the link I posted above. I don't see any suspicious other sites though, just the url that looks like the format above.

Tried it already, no luck :(

Hey Nick, I'm using awstats if that means anything.

Just because the member didn't give out his password doesn't mean that a script kiddie didn't guess it. They have brute force scripts that constantly run trying to guess different un/pw combinations to gain access into sites.

For instance the script will guess:
homer / simpson
bill / clinton
dallas / cowboys

Or whatever. It doesn't even have to be that well known of a combination. As long as it's two dictionary words, their scripts can guess it. I'm using StrongBox to prevent hacks like this since it uses cryptography. Here's their url, excellent anti hack script:
http://webmastersguide.com/?htaccess-cgi/strongbox/

Nah, this user/pass is all funky, letters and numbers, and I know when my server is under attack, been through it twice this year. I'm familiar with StrongBox, great script, I'm just not ready to go that big yet. :)