Password list (check your sites)
 

I just found this password site this morning and saw that alot of member's area are accessible, maybe you should all take a look, see if your sites are listed here, the list is huge!!!

http://tmd.df.ru/private.html

Have a good day everyone

Damn, I found my site on that list. Looks like I got few passes to kill. Thanks for the heads up!

Thats a big list.. mine isn't on there, yay

Someone needs to beat that password trader into a coma and post pics as a warning to other traders that, "Yes. It CAN Happen to YOU."

"Assholic Wanna' Jerk Off But Don't Wanna' Pay Cretins" -- That is what I think about password traders.

hmm.. I'm on the list too. And I see that pennywize is working

just fucking iframe that list... he'll be out of business in no time

That list is is 1.4 meg!

ouch, ninaknowsbest took a hard hit

:mad: the password kiddies needs to die in hell :ak47:

WOW! thats one bad ass password list

Three passwords to my main site, one to my newer site. Sheesh. How are they getting these passwords? At least seem to be hacked, since they aren't in the CCBill database.

I also checked some sites of friends of mine. That's a lot of passwords for some sites... Scary.

I found a new homepage :thumbsup

w0000000t

df.com seems to be a russian isp, and that password list is probably on some users personal webspace.. Try contacting DataForce support, to remove the list..

How am i supposed to get free porn without this list? Ohhh..right, tgp's...nevermind, go ahead & kill it.

damn ...:321GFY

Yeah it looks like they got me. So if anyone wants to check out my members area's before I kill the passwords enjoy !

didnt we have a list like that some month ago? =)
looks nearly the same :BangBang:

damn he's back.

that guy back in April had the biggest fucking password list of the best sites i'd ever seen. The fucking thing took like 5 minutes to load it was so big.

Here's another for ya boys...

http://pass.nejcpass.com/

it is 404'd now

They arent processor lists, I checked ours and some of them were manually added passes, the rest crossed all processors.

they might not be processor ones, but these guys knew what they were doing..

we had like 15 passwords in there..

and I checked with epoch, and most of all the logins that were used were logins of Long lasting members... all like 2-5 months, recuring members...

Some people just run scripts that run dictionary entries until one of them works. That's a real common way of hacking. What you need to do to prevent this is to limit the velocity of logins from a particular IP address, i.e. no more than 5 login attempts per minute, etc. This way, your regular user can retry his login if he fatfingered something, but the scripts trying to hack you will be slowed down to the point of being impractical.

99% of these guys are only capable of doing brute force dictionary attacks.

Small number who can actually hack and start adding usernames/passwords.

There really is nothing you can do to completely get rid of the problem. They will hammer away no matter what. Pennywize does a great job of keeping them out of your members area fast. What i don't understand about Pennywize users is that most just leave the freeloaders at a deadend Pennywize page.
You might as well get some use from the traffic, it's no worse than TGP, i actually think it's better. So I don't understand why the Pennywize page doesn't redirect to a banner farm or toplists or just console hell.

some of them might be using the wide open security holes in Epoch's script, if you use Epoch on your site. (i'm told they've "updated" it, but i have yet to see this on any servers.)