|
Password Software
Anyone want to recommend some password software ?
We use Iprotect and a few other little tricks but we are hit so many fucking times per day its like pissing in the wind. We block each password hacking attempt after 5 guesses but these hackers use proxy servers. So, if they have 5 guesses per proxy and a list of 10,000 proxies they still get 50,000 shots at cracking a password. We own a copy of the source to Iprotect and Im considering having our programmer rewrite it so its more efficient. I figure if someone already wrote a program that can do the job I might as well buy it. Our prgrammer writes in C, php, java and can do anything but password protection is a learning curve for him. Of course its never good to experiment when it comes to passwords and memberships so Im saving that as plan "B". Thanks ! |
you wont be able to stop em....dont bother.
the only real solution is a script like pennywise but thats pissing in the wind as well...... I suggest making the users choose 8+ character passes. Also...if you would like to inquire in some professional protection, let me know....i got some hookups :) |
save yourself the hassle and buy pennywize, at pennywize.com.
Its only $30 a month (for the least number of logins per day) and it works fine. |
Pennywize pipes your logs off to another server, then analyzes them, then writes back your server to tell it to block a hacker. By the time that happens theres a good chance your server isnt responding anymore. I also had my programmer look at their software and ( at the time ) he told me when it switches to 'root' theres a large securtiy hazard. I also dont like the fact that the owner of Pennywize has obvious ties with his own adult programs and has acess to my logs. I havent looked at pennywize in a long time but I dont think its basic operation has changed. It worked great for me 5 years ago with 200 members but it didnt work so good with 15,000 members and a half million hack attempts per day. For a small site I recommend Pennywize but it couldnt take the stress on my sites. Any program where my server has to send info to another server just aint working for me.
|
Quote:
|
We just released version 2.0 of passtrojan, you can check it out.
The beauty of it, it let's people who got the hotlinked password in, even though password is blocked, and you show them completely different page without actually having the nasty window to re-try the password popup for 3 times, and then getting the 403 page. This way you get all the traffic in for free, and you can send it out anywhere you want. check it out: http://www.passtrojan.com |
What OS are you on?
If you run NT Win2K I like DAF. Wont stop people from cracking them, but it only lets 1 user per username/password |
Try PassHack Killer
|
Quote:
If you wanna learn more about how they get in, & how to keep em out, i suggest you do battle with them in the trench's so to speak. Only way to learn how to stop them is to see it first hand. Heres a hint "Dalnet" "IRC" "#hackedxxxpasswords" By the way....heres some names you may want to look at on the search engines "Golden Eye" "Brutus" "Aries" You find out how the fuckers are crackin at ya.....you'll find out how to stop em. I also like the Aussie Rebel Beat down idea :) |
Quote:
|
|
Quote:
I know what they are doing and how, but I dont know how to stop them. Its the friggin proxy servers that are the problem. Sometimes they even use AOL proxy servers and you sure cant block those.. |
no....the aol & large isp ones, you really cannot stop.
however the foregin open port 8080,80 etc. you can stop ..but you would have to ping every visitor that came to your site. So basically your fucked unless your friends with the crackers ; ) I suggest you hire AUssie Rebel to take out the trash =) |
FYI - deny.de is no longer
|
i had a long paragraph here, but i gave up on it because no matter what i say people are going to do the opposite :321GFY
|
Quote:
|
Quote:
|
Quote:
|
Ahhhhh ok the other day it was going to security.de or sum shit.
Guess they got it back up ; ) |
LoL i invented this technology for porn sites in 1995 thru CyberErotica...
|
BTW Sleepy ... terrific thread ... thank you very much ...
Very informative ... |
Talk to Oliver Klozov he has some good shit on the way
|
Quote:
|
Well Sleepy, I don't really know this tech stuff very well ... so excuse my ignorance ...
But I am trying to learn ... so I am grateful for this thread ... And what I continually hear is that any off the shelf password protect program does tend to get hacked eventually ... obviously because a lot of webmasters use it ... and the hackers get a lot of mileage out of it ... The only real solution that I can see is to develop your own proprietary stuff ... But that's bad news for someone like me who doesn't have the means or expertise to do so ... |
Quote:
|
Oh ... I wasn't feeling insulted at all Sleepy ...
I am, in fact, ignorant on a lot of this stuff ... LOL. I was just stating the truth about myself ... not responding to you in that regard ... If you do come up with some solution to all of this though ... I'm all ears ... |
Quote:
|
Sleepy,
If you want to block 95% of the button pushers, make your login a form based login like globill. You will notice a dramatic decrease. Note: let's see if my signature is wack. :) |
Ovelo Sentry, www.ovelo.com, doesn't require root like Pennywize so there isn't a security breach!
|
| All times are GMT -7. The time now is 10:59 PM. |
Powered by vBulletin® Version 3.8.8
Copyright ©2000 - 2026, vBulletin Solutions, Inc.
©2000-, AI Media Network Inc123