GoFuckYourself.com - Adult Webmaster Forum

GoFuckYourself.com - Adult Webmaster Forum (https://gfy.com/index.php)
-   Fucking Around & Business Discussion (https://gfy.com/forumdisplay.php?f=26)
-   -   SITE OWNERS (ccbill) attention! (https://gfy.com/showthread.php?t=386789)

gazool 11-11-2004 02:09 AM
SITE OWNERS (ccbill) attention!
 
Have you experienced "attacks" on your servers with 400+ password combinations... and the first or atleast one of the first attempts is going through?

I'm talking about someone sitting on alot of correct passwords, who is just hitting sites to see if they are valid still...

Project-Shadow 11-11-2004 03:22 AM
If someone is hitting you and getting a tonne of correct hits i'd check your server logs.. someone might of found out where you keep your htpasswd and ccbill cgi's.

SpaceAce 11-11-2004 03:32 AM
Quote:
Originally posted by gazool
Have you experienced "attacks" on your servers with 400+ password combinations... and the first or atleast one of the first attempts is going through?

I'm talking about someone sitting on alot of correct passwords, who is just hitting sites to see if they are valid still...
Are you saying that someone will brute your members area and out of 400 or so hits, at least one usually works? Is it always one of the first few?

Sounds to me like someone just has a really good combo list. Many people (especially trial abusers, I think) use the same username and password combination everywhere so if you compromise a couple of CCBill sites OR if you just collect valid username/password combinations from password boards and IRC, you can build a combo list that can get you into a lot of the major sites.

SpaceAce

sweandy 11-11-2004 04:26 AM
Pennywize

gazool 11-11-2004 05:41 AM
Thanks guys...

This is not the case on my own sites... ( I do use Pennywise )
This is the case on another non-enclosed site...
The reason I'm asking is to see if this is more of a global problem, which means that the passwords are coming from somewhere higher in the system than the member-server...

As to the Pennywise comment...
Isn't it only if there is several unsuccessfull logins from the same IP that it will be blocked?

I'm talking about someone hitting the nail almost everytime...

There is no trial option and the passwords are strong...

I'm leaning more towards Project-Shadow - but I dont know...

William-Xfactor 11-11-2004 05:50 AM
If they are getting stacks of working combinations
They either found and decrypted the sites password file or one of a similar site

svenski 11-11-2004 06:02 AM
Verotel scripts can be a problem, as can sites with the older "standard" CCBill install.


It might be nothing to do with a CCBill script, might be another vulnerable script on the server.

As for passwords, there are files with hundreds of thousands of combinations to download and hurl at a site.

If you use Pennywize it will at least help a bit as the 'hurler' will need to have quite a lot of unique ips to switch between to keep firing the usernames/password combos at your site.


All times are GMT -7. The time now is 08:52 PM.

Powered by vBulletin® Version 3.8.8
Copyright ©2000 - 2025, vBulletin Solutions, Inc.
©2000-, AI Media Network Inc123