Paysite Security Workshop
 

I would like to dedicate this thread to ideas and methods of paysite security. There are several issues that paysite owners have to deal with when it comes to securing their content and I think if we had and open discussion here about it, we all may benefit from it. Here are some of the questions for discussion.

What are some ways you can protect against password hackers & traders?

What methods do you propose for preventing someone from leaching all your site's content on a trial membership?

How can you prevent your content from becoming widely distributed on file sharing programs such as Kazaa?


I don't run any paysites myself, so I'm interested to see what type of solutions to these problems are out there.

< insert reply here >

< insert another useful reply here >

What are some ways you can protect against password hackers & traders?
> Random passes, software for multiple IP detection per username, proxypass to protect from proxy attacks.

What methods do you propose for preventing someone from leaching all your site's content on a trial membership?
>software such as pennywise to lockout account for set number of GB downloaded per day.

How can you prevent your content from becoming widely distributed on file sharing programs such as Kazaa?
> watermarking, DRM if videos

nothing is 100% unfortunately

>I would like to dedicate this thread to ideas and methods of paysite security

Here's my donation:
http://www.crack.sh/hack/msgs/

Well to stop leeching, I was thinking about using the normal .htaccess refurrer tags, I mean let people into the

www.domainname.com/members/index.html

which is protected with the persons password, and have a FORM post sort of link that then sends the surfer to

www.domainname.com/content/index.html

which will only allow people who come directly from domainname.com.

Spiders and leechers can't read forms. So if your password protected area has no content or very very little, and you have a link that says "Galleries" that is a form link. the spiders can't follow it and they can't link directly too : domainname.com/content/index.html.

I'm planning on testing this on a few new sites soon, does anyone know the form html code that is required for this???
Save me searching on google for 30 mins trying to find it :)

Sammy

Sammy, whoever told you that, lied. Spiders deal with whatever they've been programmed to deal with.

All pay sites big and small should install something like "Stop That Hacker." http://www.stopthathacker.com

Then sit back and relax.

Hugs,
Danielle

Sure but I've never seen any options for following <form> tags. I mean there MIGHT? be one that does but teleport pro and blackwidow don't, I'm pretty sure of that. I mean they can't handle Cgi, anything that is linking to .cgi files the spiders can't follow.

Tell me a spider / offline browser that follows <form> tags?

Sammy

Ok for multiple logins I use iprotect. Its compiled into apache so it has no performance penalties like I experienced in pennywize (early versions)

To prevent leaching I use a simple little cgi script that checks the referrer and loads the files to the browser. Unfortunately if someone wants to leach it is possible. I have much experience in leaching because if you want to protect your site you have to be an expert at it to see what is necessary. However it is possible to prevent it when normal joe is doing it. I will not disclose how you can leach every site of obvious reasons but you can only protect against it if you crypt every link and run it through a database which is so much damn work that normal people wouldn't even consider it.

It seems Flash is relatively well protected from leachers but I haven't checked out the latest offline browser generations.