i have some paysites...<br /><br />who are pennywize's competitors?<br /><br />how can i block the-cloak.com?<br /><br />what are your best recommendations for products/services to add to prevent as much hacking as possible?<br /><br />serious replies please

<a href="http://www.monster-submit.com/sentry/" target="_blank">http://www.monster-submit.com/sentry/</a><br /><br />i use this one,and it does the job.

thank emgee<br />i'll check them out<br />it looks at if they are identical to pennywize...the second person logs in with the same pass, then it's blocked<br /><br />i was looking to go the extra mile and pay for whereas, the initial hack hardly ever happens<br /><br />you see at hack request boards "sorry, that place is solid...i can't get in"<br /><br />i want them referring to my sites like that<br /><br />thanks

Blocking the cloak can be done explicitly using .htaccess in your directory. Have a look at the apache url rewriting guide for more details<br /><br />Search on google for it <img border="0" title="" alt="[Wink]" src="wink.gif" /> <br /><br />laters,<br />Chris

yes, i shall search google<br />could you give me more hints please though<br />tips, secrets, anything?

Go to <a href="http://www.pornresource.com/," target="_blank">http://www.pornresource.com/,</a> and look at <br />"Password Protectors"<br /><br />peace

The best in my experience:<br /><br /><a href="http://www.digital-concepts.net/cgi-iprotect.html" target="_blank">http://www.digital-concepts.net/cgi-iprotect.html</a>

There is a better solution to all of this.. don't allow users to select their own passwords.

keyman,<br /><br />how exactly does that stop password hurlers?

</font><blockquote><font size="1" face="Verdana, Arial">quote:</font><hr /><font size="2" face="Verdana, Arial">Originally posted by Al:<br /><strong>keyman,<br /><br />how exactly does that stop password hurlers?</strong></font><hr /></blockquote><font size="2" face="Verdana, Arial">It won't stop password sharing, but they're the least of your worries. The proxy based brute force attacks rely on predicatable usernames and passwords.<br /><br />I'd say the average password hacker has a list of about 200,000 commonly used usernames and passwords. They then load that list into a program like accessdiver (www.accessdiver.com) which tries those 200,000 logins to see if one works.<br /><br />Now, believe me.. on a larger paysite with 1000+ members, a hacker will have a pass using this method usually under 20,000 attempts.<br /><br />This shouldn't really happen because if you look at it combinationally (say username 6-8 characters and password 6-8, both a-z|0-9):<br /><br />possible username combinations:<br />(36^6 + 36^7 + 36^8) = 5803301707776<br />possible password combinations:<br />(36^6 + 36^7 + 36^8) = 5803301707776<br />possible combinations of username and password:<br />n * n = 33678310711475838098866176<br /><br />Even a site with 100,000 (x / 100000) members would be difficult to crack if the usernames and passwords were random.<br /><br />It won't stop password sharing, credit card fraud or hackers that find a vunerability in your server, but brute forcing is the most common way of getting passwords and it works because users choose passwords that they can easily remember like,username bobbob1 password bobbob2.

tru tru<br />i figured that was what you were getting at<br />thanks<br /><br />[thinks]