Does anybody know how password sites get their passwords? The only way I can think of is through peer sharing or posting online. The reason why I'm asking this is because I have some pay sites that gets listed on their sites and I want to stop this ASAP. Thank you.
Generally login username/passwords are obtained via brute force which can be stopped, couple of ideas:
* You could limit a username to a certain amount of login attempts before freezing their account for a certain period of time.
* Put some sort of restriction on passwords that can be used (IE. cannot be less than 6 characters, must contain numbers etc...)
The other possibility of course is that people are legitimately purchasing the logins and distributing them (most likely with stolen credit cards).
This should be enough to get you started, let me know if you have any other questions.
Most of it is bruteforce. However many people that pay at paysites use the exact same login and password at multiple places, which makes it easy to get it listed becaue they just brute force them.
sometimes places will get hacked and passwords lists stolen and then are used for bruteforcing..
look up accessdiver
Steven Ciaburri | Industry's Best Server Management- Rack911.com
Software Auditing - 400+ Vulnerabilities Found - Quote @ https://www.RACK911Labs.com Fully Managed Dedicated Servers (Las Vegas, New York City, & Amsterdam) (AS62710)
FreeBSD & Linux Server Management, Security Auditing, Server Optimization, PCI Compliance