If Your Site Isn't Listed, It Ain't Shit!

President · 11-13-2002

I think they got'em all
Amazing, look at all the paysites out there!

And of course look at how they hacked them all!

Those password traders have a job just keeping up with the paysite list!

The Monster Password leak

JFK · 11-13-2002

Maybee it aint no Shit, but we aint No Stupid eighter ! Or try not to be, altough found a few of friends!

President · 11-13-2002

You're right about trying to not be stupid, I think most of us have some sort of password protection running.

It does amaze me however that these password traders can break into that many sites each day.

There are some big names on that list and many of them actually work.

ulfie · 11-13-2002

Most of the ones I looked at worked. Thanks for killing my whole afternoon. :P

Mike AI · 11-13-2002

Passwords sites are a major pain the in ass. It is not necessarily the passworsd getting out which is the problem, but the brute force hacking attempts on the server. It has been known to corrupt DBs and such...

I wish those fuckers would be beat down....

Those who support them are major COCKHOLSTERS....

Speaking of, anyone hear from JoeE lately?

Dianna Vesta · 11-13-2002

seems like there would be security software for servers to protect brute force.

Has anyone used the newer verisons of Pennywize?

Any other good software to help kill traders?

President · 11-13-2002

There are some solutions to the brute force, but no matter what you do (as far as I know) you can't stop the "server request" that are generated by the scripts they use.

PennyWize doesn't stop the attacks, it just catches the multiple uses, in fact there are many sites on the list using PennyWize that are still wide open.

Ulffie I know how you feel, a lot of surfing to be done!

Amazing how many sites look alike!

Tons of the same content!

No wonder it is getting harder to convince surfers to give a site a try.

Mike AI · 11-13-2002

Dianna, there is software out there called "Stop the Hacker" Which is effective for most scripts these gusy run. But the sophisticated hackers use multible proxies and such so it is almost impossible to stop.

Even stopping it puts a burden on the servers...

Vick · 11-13-2002

Ok I'll admit it....I looked a few sites

What you can really see is why retention sucks and surfers may be hesitant to join membership sites
Many of the sites listed are lacking in quality and slow (I'm on cable)

and brute force hack attempts are challenging to do with, I know first hand what MikeAI stated "It has been known to corrupt DBs"

I'm a firm believer in - it is more cost effective to retain a member than it is to acquire a new member

"Let us endeavor so to live that when we come to die even the undertaker will be sorry."

11-13-2002

Hi Guys, Steve from Pennywize here.

Wow, my first post - but i thought i should put my $0.02 in ;-)

We have done alot of research into brute force (dictionary) attacks for our most recent release, and let me say that while it is impossible to *stop* brute force attacks, you can certainly make it so difficult for them that they get frustrated and go somewhere else. Which in the end, is a good result for you.

Pennywize V3 has some pretty sophisticated 'rate of failure' tracking which instantly (and temporarily) blocks IP's that are hammering your server with failed attempts. This is configurable both per second and per minute. It also has some pretty new technology which no other product has to fool programs like GoldenEye etc.. into *thinking* that they found a correct password when they really didnt :-) This causes most pieces of software to stop at that point.

*sigh* the other programs will copy our technology eventually (as they always have), but no-one else can offer this now.

If anyone has any questions, give me a bell directly - oprano@pennywize.com

Steve
Pennywize.

cj · 11-13-2002

Hi Steve ;-)

Thanks for stopping by, heaps of people have been asking me pennywize questions lately so HERE'S THE MAN!!!

SykkBoy · 11-13-2002

Wow, nice to know our newly acquired Property nakkid Nerds is amongst the favorites of these pricks......

We use a custom solution which works well against this brute force shit, but it's still quite draining of resources........luckily along with the site Nakkid Nerds, we've picked up a couple of the tech girls from there

slavdogg · 11-14-2002

It is impossible to make anything foolproof because fools are so ingenious.

Hooper · 11-14-2002

We tried pennywize years ago and aside from redirecting the pwd traffic to his own pages and making money off of it, pennywize along with a few other things we tried basically shut our members servers down during brute force attacks.

For 2+ years now we have been running a solution whos name i obviously wont share, but in those two years we have never had a password leak on one paysite.

Trying to stop brute force attacks is stupid, it doesnt work.

A smartie pants just doesnt allow those passwords to work.

slavdogg · 11-14-2002

hooper, pennywize is not the same pennywize it was 2 years ago.

its the password cop, thats the same as it was 5 years ago.
and doesnt even work half the time.

Hooper · 11-14-2002

it's changed?

what did they do differently?

Vick · 11-14-2002

Hooper - I've used Pennywize for almost 3 years now and have always been able to redirect compromised accesses to where ever (what ever URL) I wanted

During very heavy brute force hack attempts I have had DB problems but never a problem with the servers serving webpages

cj · 11-14-2002

hooper, pennywize is written by someone who has access to enough traffic that they don't need to steal yours ;-)

this is a pretty experienced group of programmers who are used to dealing with numbers that will make your head spin. the most recent piece of their software we use is affiliate tracking combined with a version of pennywize to assist in detecting webmaster fraud. it comes in pretty darn handy ;-)

Hooper, do you have any positive stories of dealing with companies?! you always seem to have the worst experiences of anybody ...

11-13-2002	#1
President Members Join Date: Oct 2002 Posts: 102	I think they got'em all Amazing, look at all the paysites out there! And of course look at how they hacked them all! Those password traders have a job just keeping up with the paysite list! The Monster Password leak __________________ XXX Productions .com

11-13-2002	#2
JFK Industry Member Join Date: Nov 2002 Posts: 1,371	Maybee it aint no Shit, but we aint No Stupid eighter ! Or try not to be, altough found a few of friends! __________________ FUBAR Webmasters "The Next Best Thing to Being There"

11-13-2002	#3
President Members Join Date: Oct 2002 Posts: 102	You're right about trying to not be stupid, I think most of us have some sort of password protection running. It does amaze me however that these password traders can break into that many sites each day. There are some big names on that list and many of them actually work. __________________ XXX Productions .com

11-13-2002	#4
ulfie Members Join Date: Oct 2002 Posts: 1,143	Most of the ones I looked at worked. Thanks for killing my whole afternoon. :P __________________

11-13-2002	#5
Mike AI Administrator Want to see your own Advertising Here! Join Date: Oct 2002 Posts: 11,618	Passwords sites are a major pain the in ass. It is not necessarily the passworsd getting out which is the problem, but the brute force hacking attempts on the server. It has been known to corrupt DBs and such... I wish those fuckers would be beat down.... Those who support them are major COCKHOLSTERS.... Speaking of, anyone hear from JoeE lately? __________________ Make big money on your Domains! Why wait 40 days to get paid with the other guys? Parked.com pays the most for your traffic, and cuts checks twice a month!

11-13-2002	#6
Dianna Vesta Members Join Date: Oct 2002 Location: South Florida Posts: 2,087	seems like there would be security software for servers to protect brute force. Has anyone used the newer verisons of Pennywize? Any other good software to help kill traders? __________________ Live radio and audio downloads have a definite place in marketing and promoting products. Not only will it capture new customers but it is an excellent way to promote new products to existing customers continuing to build good customer relationships. Click here for more info

11-13-2002	#9
Vick Celebrating Company's Success with A Beer From Mini Bar Want to see your own Advertising Here! Join Date: Oct 2002 Location: Little South of Sanity Posts: 6,551	Ok I'll admit it....I looked a few sites What you can really see is why retention sucks and surfers may be hesitant to join membership sites Many of the sites listed are lacking in quality and slow (I'm on cable) and brute force hack attempts are challenging to do with, I know first hand what MikeAI stated "It has been known to corrupt DBs" I'm a firm believer in - it is more cost effective to retain a member than it is to acquire a new member "Let us endeavor so to live that when we come to die even the undertaker will be sorry." __________________ Pssst Click the Button Above I once wanted to be a Gynecologist But I couldn't find an opening

11-13-2002	#10
pennywize Guest Posts: n/a	Hi Guys, Steve from Pennywize here. Wow, my first post - but i thought i should put my $0.02 in ;-) We have done alot of research into brute force (dictionary) attacks for our most recent release, and let me say that while it is impossible to stop brute force attacks, you can certainly make it so difficult for them that they get frustrated and go somewhere else. Which in the end, is a good result for you. Pennywize V3 has some pretty sophisticated 'rate of failure' tracking which instantly (and temporarily) blocks IP's that are hammering your server with failed attempts. This is configurable both per second and per minute. It also has some pretty new technology which no other product has to fool programs like GoldenEye etc.. into thinking that they found a correct password when they really didnt :-) This causes most pieces of software to stop at that point. sigh the other programs will copy our technology eventually (as they always have), but no-one else can offer this now. If anyone has any questions, give me a bell directly - oprano@pennywize.com Steve Pennywize.

11-13-2002	#11
cj Members Want to see your own Advertising Here! Join Date: Oct 2002 Location: Down Under Posts: 5,202	Hi Steve ;-) Thanks for stopping by, heaps of people have been asking me pennywize questions lately so HERE'S THE MAN!!!

11-13-2002	#12
SykkBoy Polishing the Chrome on Bishops Motorcycle $100 for every ImLive sign-up Join Date: Oct 2002 Location: Hell: Bowels : Level 9 Posts: 4,153	Wow, nice to know our newly acquired Property nakkid Nerds is amongst the favorites of these pricks...... We use a custom solution which works well against this brute force shit, but it's still quite draining of resources........luckily along with the site Nakkid Nerds, we've picked up a couple of the tech girls from there __________________ ADULT PAYMASTER - All Site Access - Paying $70 October 5th! "Love your enemies...just in case your friends turn out to be bastards." - unknown

11-14-2002	#14
Hooper Members Join Date: Oct 2002 Posts: 1,156	We tried pennywize years ago and aside from redirecting the pwd traffic to his own pages and making money off of it, pennywize along with a few other things we tried basically shut our members servers down during brute force attacks. For 2+ years now we have been running a solution whos name i obviously wont share, but in those two years we have never had a password leak on one paysite. Trying to stop brute force attacks is stupid, it doesnt work. A smartie pants just doesnt allow those passwords to work. __________________ Quickbuck is paying $100 Per trial join.