spoofing to get into paysites, some of you guys are getting hacked
 

ok, i realize that probably the majority of surfers here are not paysite owners, so few people give a shit about this.

but let me explain something.

if surfers do not have to pay for content if has a ripple effect on everyone who does BUSINESS here.

let me explain.

all of our income comes from surfers, either directly or indirectly---if surfers don't buy memberships we ALL suffer, content producers, traffic jockeys, affiliates, everyone.

and this shit ain't my hobby.

now a german guy wrong a very effective hack to get into paysite member areas---if you OWN paysites i suggest you go to google and use the keywords: "www.mydomain.com" and "spoof" and if anything comes back you are getting free riders.

if this is the case, and you also use ccbill, i am working with ccbill right now to implement the fix for this.

and if you own a paysite (and i can verify it) post your contact info here and i'll send you the link to download this hack utility and you can try it on your own paysites---and the results will scare you into doing something about it.

i will not post the link here.

NO, paysite owners if you see you have a vulnerability to this do NOT post your contact info here for every hacker to start probing your sites.

send me an email with your email address to a domain name you control ([email protected]) etc., and i will send you the link to this hacker utility.

i hope no one will post the link here, but maybe some idiot will.

get the info you need to tighten up your member areas:

[email protected]

i'll monitor this email for a few days only. have a good day:)

just for your information: this affects mostly paysite plugins, as they use the referrer for authentication but most normal paysites do NOT.

thanks for the info n00b :)

most of us already know about this.

if feed A. gives access to site B.

you just have to spoof the ref and target.

most of us already know this.

and do nothing about it....

does not affect only guys carrying feeds.

there is not much you can do about it

bla :upsidedow

Actually just go to google.com and type in

www.site.com password ?

or soandsoscript.zip nullified


50 trillion backdoors and nullified scripts.

its all about target audience , if you dont know this you prolly are NOT making any $$$$$

Spoofs work on weak-protected sites that check referrer URL by means of .htaccess file. Normal paysites are protected with .htpasswd file and they can't be spoofed at all. For example, try to spoof one of my sites and you'll be fucked up.