If Your Site Isn't Listed, It Ain't Shit!


President
11-13-2002, 01:59 PM
I think they got'em all
Amazing, look at all the paysites out there!

And of course look at how they hacked them all! :lol:


Those password traders have a job just keeping up with the paysite list!

The Monster Password leak (http://irc.scservers.com/13-11-02-Level10.html)

JFK
11-13-2002, 04:05 PM
Maybe it ain't no shit, but we ain't no stupid either! Or try not to be, although found a few of friends!

President
11-13-2002, 04:28 PM
You're right about trying to not be stupid, I think most of us have some sort of password protection running.

It does amaze me however that these password traders can break into that many sites each day.

There are some big names on that list and many of them actually work.

ulfie
11-13-2002, 04:34 PM
Most of the ones I looked at worked. Thanks for killing my whole afternoon. :P

Mike AI
11-13-2002, 05:03 PM
Password sites are a major pain in the ass. It is not necessarily the passwords getting out which is the problem, but the brute force hacking attempts on the server. It has been known to corrupt DBs and such...

I wish those fuckers would be beat down....

Those who support them are major COCKHOLSTERS....

Speaking of, anyone hear from JoeE lately? :zoinks:

Dianna Vesta
11-13-2002, 05:06 PM
Seems like there would be security software for servers to protect against brute force.

Has anyone used the newer versions of Pennywize?

Any other good software to help kill traders?

President
11-13-2002, 05:14 PM
There are some solutions to the brute force, but no matter what you do (as far as I know) you can't stop the "server requests" that are generated by the scripts they use.

PennyWize doesn't stop the attacks, it just catches the multiple uses; in fact there are many sites on the list using PennyWize that are still wide open.

Ulfie, I know how you feel, a lot of surfing to be done! :cdance:

Amazing how many sites look alike!

Tons of the same content!

No wonder it is getting harder to convince surfers to give a site a try.

Mike AI
11-13-2002, 05:18 PM
Dianna, there is software out there called "Stop the Hacker" which is effective for most scripts these guys run. But the sophisticated hackers use multiple proxies and such so it is almost impossible to stop.

Even stopping it puts a burden on the servers...

Vick
11-13-2002, 05:38 PM
Ok I'll admit it....I looked at a few sites

What you can really see is why retention sucks and surfers may be hesitant to join membership sites
Many of the sites listed are lacking in quality and slow (I'm on cable)


and brute force hack attempts are challenging to deal with, I know first hand what MikeAI stated "It has been known to corrupt DBs"

I'm a firm believer in - it is more cost effective to retain a member than it is to acquire a new member



"Let us endeavor so to live that when we come to die even the undertaker will be sorry."

pennywize
11-13-2002, 08:26 PM
Hi Guys, Steve from Pennywize here.

Wow, my first post - but I thought I should put my $0.02 in ;-)

We have done a lot of research into brute force (dictionary) attacks for our most recent release, and let me say that while it is impossible to *stop* brute force attacks, you can certainly make it so difficult for them that they get frustrated and go somewhere else. Which in the end, is a good result for you.

Pennywize V3 has some pretty sophisticated 'rate of failure' tracking which instantly (and temporarily) blocks IPs that are hammering your server with failed attempts. This is configurable both per second and per minute. It also has some pretty new technology which no other product has to fool programs like GoldenEye etc. into *thinking* that they found a correct password when they really didn't :-) This causes most pieces of software to stop at that point.

<gripe>
*sigh* the other programs will copy our technology eventually (as they always have), but no-one else can offer this now.
</gripe>

If anyone has any questions, give me a bell directly - oprano@pennywize.com


Steve
Pennywize.
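
The 'rate of failure' tracking described in the post above, sketched as an added example (not part of the original thread and not Pennywize's code): a per-IP failed-login counter with per-second and per-minute limits and a temporary block. The class and function names, the thresholds and the `epoch ip status` log format are assumptions made for illustration.

```python
from collections import defaultdict, deque

class FailureRateBlocker:
    """Temporarily block IPs whose failed-login rate passes a per-second or per-minute limit."""
    def __init__(self, max_per_second=5, max_per_minute=30, block_seconds=300):
        self.max_per_second = max_per_second
        self.max_per_minute = max_per_minute
        self.block_seconds = block_seconds
        self.failures = defaultdict(deque)   # ip -> timestamps of failures in the last minute
        self.blocked_until = {}              # ip -> time at which the block lapses

    def is_blocked(self, ip, now):
        until = self.blocked_until.get(ip)
        if until is not None and now >= until:
            del self.blocked_until[ip]       # temporary block has expired
            return False
        return until is not None

    def record_failure(self, ip, now):
        """Count one failed login; return True if the IP is blocked afterwards."""
        if self.is_blocked(ip, now):
            return True
        window = self.failures[ip]
        window.append(now)
        while now - window[0] >= 60:         # drop failures older than one minute
            window.popleft()
        in_last_second = sum(1 for t in window if now - t < 1)
        if in_last_second > self.max_per_second or len(window) > self.max_per_minute:
            self.blocked_until[ip] = now + self.block_seconds
            window.clear()
            return True
        return False

def block_start_times(log_lines, blocker):
    """Replay 'epoch ip status' lines; return {ip: timestamp at which it was blocked}."""
    started = {}
    for line in log_lines:
        ts, ip, status = line.split()
        if status != "401":                  # only failed authentications count
            continue
        already = blocker.is_blocked(ip, float(ts))
        if blocker.record_failure(ip, float(ts)) and not already:
            started[ip] = float(ts)
    return started

# Constructed sample log (documentation-range IPs): a fast burst, a slow steady
# guesser, and a member who mistypes twice before logging in.
SAMPLE_LOG = (
    [f"{1000 + i * 0.1:.1f} 203.0.113.9 401" for i in range(8)]
    + [f"{1100 + i * 1.5:.1f} 192.0.2.77 401" for i in range(40)]
    + ["1000.0 198.51.100.4 401", "1030.0 198.51.100.4 401", "1031.0 198.51.100.4 200"]
)

if __name__ == "__main__":
    print(block_start_times(SAMPLE_LOG, FailureRateBlocker()))
```

The counters are keyed by source IP, so attempts spread across multiple proxies, as mentioned earlier in the thread, stay under both limits for each address.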

cj
11-13-2002, 08:28 PM
Hi Steve ;-)

Thanks for stopping by, heaps of people have been asking me pennywize questions lately so HERE'S THE MAN!!!

SykkBoy
11-13-2002, 11:44 PM
Wow, nice to know our newly acquired Property nakkid Nerds is amongst the favorites of these pricks......


We use a custom solution which works well against this brute force shit, but it's still quite draining of resources........luckily along with the site Nakkid Nerds, we've picked up a couple of the tech girls from there ;)

slavdogg
11-14-2002, 08:55 PM
It is impossible to make anything foolproof because fools are so ingenious.

Hooper
11-14-2002, 09:20 PM
We tried pennywize years ago and aside from redirecting the pwd traffic to his own pages and making money off of it, pennywize along with a few other things we tried basically shut our members servers down during brute force attacks.

For 2+ years now we have been running a solution whose name I obviously won't share, but in those two years we have never had a password leak on one paysite.

Trying to stop brute force attacks is stupid, it doesn't work.

A smartie pants just doesn't allow those passwords to work.

slavdogg
11-14-2002, 09:28 PM
hooper, pennywize is not the same pennywize it was 2 years ago.


it's the password cop, that's the same as it was 5 years ago.
and doesn't even work half the time.

Hooper
11-14-2002, 09:32 PM
it's changed?

what did they do differently?

Vick
11-14-2002, 09:37 PM
Hooper - I've used Pennywize for almost 3 years now and have always been able to redirect compromised accesses to wherever (whatever URL) I wanted

During very heavy brute force hack attempts I have had DB problems but never a problem with the servers serving webpages

cj
11-14-2002, 10:21 PM
hooper, pennywize is written by someone who has access to enough traffic that they don't need to steal yours ;-)

this is a pretty experienced group of programmers who are used to dealing with numbers that will make your head spin. the most recent piece of their software we use is affiliate tracking combined with a version of pennywize to assist in detecting webmaster fraud. it comes in pretty darn handy ;-)

Hooper, do you have any positive stories of dealing with companies?! you always seem to have the worst experiences of anybody ...