Ok so tonight we were mega hacked, Amateur Hosting blocked most of the passwords but not before they has to suspend service for the site 10 minuites beofre the live stream.
The reason for the post in not a blast on AH.

The company posting the passwords is bestpasswords.com and passdb.com I check whois and they are both registered by the same peron and hosted at the same server. Is there really anything we can do (I know I know better server protection) some knight in shinning armour please come to my rescue?

I am about over the whole internet

Ps I also realise that web master post limited passwords to these boards, but these were not posted by us and I have contol over the password files. Just Hacked?

Porsche, what you need is
http://pennywize.com/

you will never have hacked password problems again

Also take a look at http://www.stopthathacker.com

Hugs,
Danielle

You could also look into ProxyPass and Iprot.

Doesn't your host provide some sort of protection?

your host should be offering some sort of pass protection solution are they not?

Originally posted by Porsche Lynn@Dec 19 2003, 02:31 AM
Ok so tonight we were mega hacked, Amateur Hosting blocked most of the passwords but not before they has to suspend service for the site 10 minuites beofre the live stream.
The reason for the post in not a blast on AH.

The company posting the passwords is bestpasswords.com and passdb.com I check whois and they are both registered by the same peron and hosted at the same server. Is there really anything we can do (I know I know better server protection) some knight in shinning armour please come to my rescue?

I am about over the whole internet

Ps I also realise that web master post limited passwords to these boards, but these were not posted by us and I have contol over the password files. Just Hacked?
As everyone else is telling you, get some decent software installed to protect yourself. It's a necessity of running a members-only area.

Passwords are always going to get posted. You cant prevent it. Some users will voluntarily post their pw. Others are just too stupid to pick a good password and their accounts will be susceptible to brute force hacks. And still others use the same username and password on every site on the net.

You cant prevent the passwords getting out, but good software will neutralize the damage.

we've had great luck with iprot for years now.

either that or our sites just arent very popular :blink:

Thanks everyone I will drop the subject now. I realize that I have overcooked this one and everyone has given good advice, our hosting service does have protection but it is in my opnion not set "hard" enough, so it is talk to them to resolve this or move hosting, at the moment we get free hosting for a once a week one hour live stream, I think up to 50GB per month.


Thanks again all and Happy Christmas see some of you in Las Vegas and At Bond Con.

Originally posted by Porsche Lynn@Dec 20 2003, 12:31 PM
Thanks everyone I will drop the subject now. I realize that I have overcooked this one and everyone has given good advice, our hosting service does have protection but it is in my opnion not set "hard" enough, so it is talk to them to resolve this or move hosting, at the moment we get free hosting for a once a week one hour live stream, I think up to 50GB per month.


Thanks again all and Happy Christmas see some of you in Las Vegas and At Bond Con.


It sucks to get abused by password sites. This is something that used to be a major problem, and bone of contention on the boards.

Many of these password sites were supported by big companies, including CEN - JoeE and I would go back and forth about him supporting theives, and people who do damage to tother peoples servers.

Of course, I do beleive in Karma....

Anyone hear from JoeE lately?

:D

Originally posted by Porsche Lynn@Dec 20 2003, 09:31 AM
Thanks everyone I will drop the subject now. I realize that I have overcooked this one and everyone has given good advice, our hosting service does have protection but it is in my opnion not set "hard" enough, so it is talk to them to resolve this or move hosting, at the moment we get free hosting for a once a week one hour live stream, I think up to 50GB per month.


Thanks again all and Happy Christmas see some of you in Las Vegas and At Bond Con.
Speak with Mike at Webair. They are great people and know how to look after customers.

Get password sentry
search for it on Google

set max ips per user to 10 ips
then set to reset after 2 days then set it to 5 ips

and if 5 ips is reached again then set it to delete the user
easy as that!