View Full Version : password abusers
SexySites
08-07-2002, 09:42 PM
how many of you paysite owners report abusers of your paysite/member passwords?
or do you just report the password sites? or what do you do to proactively stop these thieves?
laters,
Chris
Sellyourhits
08-07-2002, 10:50 PM
Very good post ss, but who should we report it to?
I utilize a 3rd password protection service on my paysites. Do you have any suggestions, let me know.
Steve
Which one do you use??
Ride
swdesigns
08-07-2002, 11:15 PM
This is a good topic !!
Just curious ... how can you tell if members are abusing their usernames and passwords anyway? I have some that when I check my stats it'll say like the username of the person and how many visits they made to my members area. I have had some usernames enter my members 150-200 times in like 2 days. I contacted my host and billing company and they told me this is normal. Is it?? I thought that was a lot of visits in that short amount of time and often wondered if they were putting their usernames and passwords on a free password site. How can you tell??
rowan
08-07-2002, 11:49 PM
Originally posted by swdesigns
This is a good topic !!
Just curious ... how can you tell if members are abusing their usernames and passwords anyway? I have some that when I check my stats it'll say like the username of the person and how many visits they made to my members area. I have had some usernames enter my members 150-200 times in like 2 days. I contacted my host and billing company and they told me this is normal. Is it?? I thought that was a lot of visits in that short amount of time and often wondered if they were putting their usernames and passwords on a free password site. How can you tell??
I've half finished a system that tracks IPs that are accessing each account, and keeps them in a real-time list. IPs expire from the list after a couple of days if they have not accessed the site. If there are more than a few 'substantially different' IPs in that list then the account is flagged for human review. Being 'substantially different' rather than just 'different' means that it will allow accesses from multiple proxy servers on the same ISP; for example, a single AOL user loading a page with 4 images may actually appear to be 5 different IPs.
The other thing to look for is HEAD requests in the members area that are successful (200). This usually means:
1) An authenticated member is trying to leech your site
2) A password cracker program has just found a match
I log all HEAD requests (in both free and passworded areas), and send back a 404 for HEAD requests that don't have a User-Agent field.
I should add that my site has a general include file that is included in 99% of the PHP scripts, so it's easy to add in things like this that need to run for every HTML access. :)
Cheers.
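The two checks described in the post above (per-account tracking of 'substantially different' IPs with expiry, and successful HEAD requests in the members area), as an added Python example that is not rowan's code or part of the thread. The /16 grouping, the 2-day window, the threshold of 3 networks, the `/members/` path and the log records are all assumptions constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Assumptions (not from the post): /16 grouping stands in for "substantially
# different", IPs expire after 2 days, and more than 3 live networks is "a few".
WINDOW_SECONDS = 2 * 24 * 3600
MAX_NETWORKS = 3
MEMBERS_PREFIX = "/members/"  # hypothetical protected path

# Constructed records: (epoch seconds, account, client IP, method, path, status, user agent)
SAMPLE_LOG = [
    (1000, "alice", "198.51.100.10", "GET", "/members/index.php", 200, "Mozilla/4.0"),
    (1005, "alice", "198.51.100.77", "GET", "/members/a.jpg", 200, "Mozilla/4.0"),
    (90000, "alice", "192.0.2.4", "GET", "/members/index.php", 200, "Mozilla/4.0"),
    (2000, "bob", "192.0.2.9", "GET", "/members/index.php", 200, "Mozilla/4.0"),
    (2600, "bob", "203.0.113.5", "GET", "/members/index.php", 200, "Mozilla/4.0"),
    (3000, "bob", "10.20.0.5", "GET", "/members/index.php", 200, "Opera/6.0"),
    (3600, "bob", "10.77.3.1", "GET", "/members/index.php", 200, "Mozilla/4.0"),
    (3700, "bob", "10.77.3.1", "HEAD", "/members/video1.mpg", 200, ""),
    (0, "carol", "192.0.2.1", "GET", "/members/index.php", 200, "Mozilla/4.0"),
    (100000, "carol", "203.0.113.1", "GET", "/members/index.php", 200, "Mozilla/4.0"),
    (200000, "carol", "10.1.0.1", "GET", "/members/index.php", 200, "Mozilla/4.0"),
    (300000, "carol", "10.2.0.1", "GET", "/members/index.php", 200, "Mozilla/4.0"),
]

def network_of(ip):
    """Collapse an IPv4 address to its /16 so proxies on one ISP count once."""
    return ipaddress.ip_network(f"{ip}/16", strict=False)

def review(records):
    """Return (accounts flagged for human review, successful members-area HEADs)."""
    last_seen = defaultdict(dict)  # account -> {network: time of last access}
    flagged, head_hits = set(), []
    for ts, account, ip, method, path, status, agent in sorted(records, key=lambda r: r[0]):
        seen = last_seen[account]
        seen[network_of(ip)] = ts
        # Expire networks that have not touched this account within the window.
        for net in [n for n, t in seen.items() if ts - t > WINDOW_SECONDS]:
            del seen[net]
        if len(seen) > MAX_NETWORKS:
            flagged.add(account)
        # A 200 on HEAD inside the members area means valid credentials were sent.
        if method == "HEAD" and path.startswith(MEMBERS_PREFIX) and status == 200:
            head_hits.append((ts, account, ip, agent or "<no user-agent>"))
    return flagged, head_hits
```

Here `carol` touches four networks but never more than two inside the expiry window, so only `bob` is flagged; his HEAD request with no User-Agent is the kind the post answers with a 404.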
Freakster.net
08-08-2002, 01:20 AM
Point me to some 3rd party password management? I'd build one but I guess a reliable 3rd party is a safer way to start new paysites ;)
SpyCam
08-08-2002, 02:39 AM
We use password sentry and it will block all the logins and IP's which are fishy...
copland
08-08-2002, 02:43 AM
I use password sentry.
I've only ever banned one user. I got about 10 IP's from all over the world in a few hours. Don't know where it was posted, but that's a traded password (CCBill kept rewriting it to the fucking password file).
I get quite a few where it's been shared with someone else. I don't encourage it, but if it's small enough not to trigger the script I tend to turn a blind eye.
SexySites
08-08-2002, 05:52 PM
sorry for the delay in the reply, as per usual i forgot about this thread as soon as i had started it hehe...
im using pennywise at the moment but i've heard that its kinda slow ...
i'll try and redirect this thread a little, im wondering how many people here actually report the misuse of the ipaddresses ....
i assume that you would look at the netblock for that ipaddress and report it to the abuse@netblockowner.com etc ...
any more for any more ? :D
laters,
Chris
AgentCash
08-08-2002, 10:49 PM
Have you ever reported to a netblock abuse address? Every time I've tried it either bounces or gets lost in the void. I've never had any results from reporting to them.
Ludedude
08-10-2002, 08:42 PM
Depending on how many members you have and the type of traffic you're pulling, there are quite a few inexpensive cgi solutions that will both track/log and shut off members who appear to be trading passwords.
Take a look at this link for some solutions:
http://www.tools4webmasters.com/cgiprograms.htm
rowan
08-10-2002, 11:04 PM
If your site name is relatively unique, try searching for it on http://groups.google.com/ ... I just did a search and found a few password requests for my site in alt.sex.passwords and alt.es.hackers.passwords.
Here's an example:
http://groups.google.com/groups?hl=en&lr=&ie=UTF-8&oe=UTF-8&selm=dd948de9.0207041629.49389cce%40posting.google.com
If you click on "Original Format" in the message, you can see all of the headers, including NNTP-Posting-Host and X-Trace. You may be able to match up the IP(s) with successful access to your member area. If you do decide to report it then it's extra weight for your claim, I guess. *shrug*
Cheers.
shit, didn't know that
best thread since a while
Breaker
08-11-2002, 07:44 AM
If you found out a frauded account that they list on a passwordsite for example.
Do you delete that account or have you made a fake-memberarea which you try to tease the surfer and sell him real membership or send him to other sponsors?
SexySites
08-11-2002, 08:55 AM
Originally posted by Breaker
If you found out a frauded account that they list on a passwordsite for example.
Do you delete that account or have you made a fake-memberarea which you try to tease the surfer and sell him real membership or send him to other sponsors?
cant say i've ever tried creating a fake members area for the idiot, but i would have thought that this traffic would convert way way way worse than even tgp traffic.
laters,
Chris
alohaha
08-11-2002, 09:11 AM
I've used password sentry for almost 3 years, it's great.. and the guy who writes/installs it, dan, is really cool too.. highly recommended and it's cheap .. great for blocking multiple ISPs etc .. I'm sure it saved me a lot in potential lost revenue etc..
I don't tell my customers that I have something like that til After they sign up, eg "remember to only log in from no more than 2 pc's" .. great..
SexySites
08-11-2002, 09:29 AM
Originally posted by alohaha
I've used password sentry for almost 3 years, it's great.. and the guy who writes/installs it, dan, is really cool too.. highly recommended and it's cheap .. great for blocking multiple ISPs etc .. I'm sure it saved me a lot in potential lost revenue etc..
I don't tell my customers that I have something like that til After they sign up, eg "remember to only log in from no more than 2 pc's" .. great..
cool, how many ips/subnets do you allow users to have per day?
laters,
Chris
I recommend visiting all password site forums.
like xxxhq.com/forum/
you can find a lot of new passwords there, if you found your site (try search yourdomain (not .com, just domain)) you can delete accounts by hand.
rowan
08-11-2002, 11:03 AM
Originally posted by XP
I recommend visiting all password site forums.
like xxxhq.com/forum/
you can find a lot of new passwords there, if you found your site (try search yourdomain (not .com, just domain)) you can delete accounts by hand.
Why do you have to delete the account?
I have it set up so that any access to the members area for a blocked account prints out a polite message to email me some details (to verify they are the owner) and a new password.
Cheers.
Because these passwords are usually not hacked, they signup with stolen credit cards and distribute passwords.
anyway, sending new password idea is good too.
rowan
08-11-2002, 11:17 AM
Originally posted by XP
Because these passwords are usually not hacked, they signup with stolen credit cards and distribute passwords.
Make it 3 strikes and they're out. :)
Every account I have blocked so far has been because of someone with a cracking program doing a user/pass scan and finding a match. When I re-enable the account I tell them that their user/pass is widely known and so they must also change their passwords on other sites.
Of course, the user/pass got into the list somehow in the first place... maybe it was just someone who shared with a friend and it went from there, or it's just a fraudulent account from the start.
Cheers.
Would it be wrong to start img sourcing those hack forums ?
I don't have a paysite, but i would be pissed if somebody stole my bandwidth like they do, wouldn't it be fair if we used some TB of their BW ?
Sellyourhits
08-11-2002, 12:22 PM
XP good info cheers.
I see a lot of banners on these hack/password trading sites. And usually it's banners from 3 major sponsors, I won't mention the sponsors, but they should be ashamed of themselves for allowing these crooks to make money for them by exploiting passwords.
I have emailed all 3 sponsors on numerous occasions and none of them replied or did anything about it.
Shame on them.
BTW a lot of these so called hack/passwords sites have multiple fronts and names owned by the same company.
Just my 2 cents
Steve