GoFuckYourself.com - Adult Webmaster Forum

GoFuckYourself.com - Adult Webmaster Forum (https://gfy.com/index.php)
-   Fucking Around & Business Discussion (https://gfy.com/forumdisplay.php?f=26)
-   -   Mysteriously Added Usernames (https://gfy.com/showthread.php?t=480642)

Mutt 06-13-2005 11:38 PM
Mysteriously Added Usernames
 
Here's the situation - there's a member, legitimate member, has signed up through CCBILL, he's been cancelled twice for being a pain in the ass - he logs in from 3 or 4 different IP addresses - the mystery is that he seems to have the ability to create new username/passwords to login once he's been cancelled - these new usernames don't show up in CCBILL's admin(not a cancelled member, not a manually added signup, not an active member,nothing) or Paycom's as a member. Anybody know what this guy could be doing to add new usernames for himself? This are now two usernames he has that CCBILL and Paycom don't show.

thanks

AlienQ - BANNED FOR LIFE 06-13-2005 11:40 PM
Get Strongbox

Matt 26z 06-13-2005 11:54 PM
Could be SQL code injection.

http://www.sitepoint.com/article/sql...n-attacks-safe

nofx 06-13-2005 11:56 PM
I would just blame Jesus

AsianDivaGirlsWebDude 06-13-2005 11:59 PM
Quote:
Originally Posted by Matt 26z
Good article Matt, thanks! :thumbsup

ADG Webmaster

stevo 06-14-2005 12:08 AM
I have the same problem (even with Pennywize protecting my sites), people are able to hack my .htaccess and create their own accounts! I'm not sure how they do it either...

blackmonsters 06-14-2005 02:14 AM
Quote:
Originally Posted by Mutt
Here's the situation - there's a member, legitimate member, has signed up through CCBILL, he's been cancelled twice for being a pain in the ass - he logs in from 3 or 4 different IP addresses - the mystery is that he seems to have the ability to create new username/passwords to login once he's been cancelled - these new usernames don't show up in CCBILL's admin(not a cancelled member, not a manually added signup, not an active member,nothing) or Paycom's as a member. Anybody know what this guy could be doing to add new usernames for himself? This are now two usernames he has that CCBILL and Paycom don't show.

thanks
Simple...He has determined the name of the ccbill script on your server.
You most likely have the same name that the script comes with.

Solution: Change the name of the ccbill password script on your server to something like this:

ccbil39845wjHIiekjnsjj595j~smIMkmkbd.cgi

That should shut him down forever.

Godsmack 06-14-2005 02:23 AM
Quote:
Originally Posted by AlienQ
Get Strongbox
Yep, that solved it for me!

fris 06-14-2005 02:30 AM
strongbox is excellent, ray is good people :)

SGS 06-14-2005 03:22 AM
Looking forward to learning more about the new NATS security solution.

SomeCreep 06-14-2005 03:29 AM
Quote:
Originally Posted by Mutt
Here's the situation - there's a member, legitimate member, has signed up through CCBILL, he's been cancelled twice for being a pain in the ass - he logs in from 3 or 4 different IP addresses - the mystery is that he seems to have the ability to create new username/passwords to login once he's been cancelled - these new usernames don't show up in CCBILL's admin(not a cancelled member, not a manually added signup, not an active member,nothing) or Paycom's as a member. Anybody know what this guy could be doing to add new usernames for himself? This are now two usernames he has that CCBILL and Paycom don't show.

thanks
Make sure you are using the most recent ccbill and paycom scripts. The old ones have exploits.

SGS 06-14-2005 04:00 AM
Quote:
Originally Posted by SomeCreep
Make sure you are using the most recent ccbill and paycom scripts. The old ones have exploits.
That has always been the case. How recent is the most recent script?

Theo 06-14-2005 04:03 AM
talking about advanced porn surfer!

SomeCreep 06-14-2005 05:17 AM
Quote:
Originally Posted by SGS
That has always been the case. How recent is the most recent script?
I dont know, you'd have to call ccbill or paycom to find that out. When I say it is important to use the most recent script, I dont mean from month to month. I mean every couple of years, if one is experiencing problems with their script, they should call their billing company to make sure they are running the most recent version of their script.

blackmonsters 06-14-2005 12:59 PM
Some thick heads in this post.

Exploits in the ccbill script? So fucking what? They can't exploit a script that they can't find because you changed the name.....DAMNNNNNN!!!!!!


All times are GMT -7. The time now is 06:19 AM.

Powered by vBulletin® Version 3.8.8
Copyright ©2000 - 2025, vBulletin Solutions, Inc.
©2000-, AI Media Network Inc123