Does anybody know how password sites get their passwords? The only way I can think of is through peer sharing or posting online. The reason why I'm asking this is because I have some pay sites that gets listed on their sites and I want to stop this ASAP. Thank you.
Generally login username/passwords are obtained via brute force which can be stopped, couple of ideas:
* You could limit a username to a certain amount of login attempts before freezing their account for a certain period of time.
* Put some sort of restriction on passwords that can be used (IE. cannot be less than 6 characters, must contain numbers etc...)
The other possibility of course is that people are legitimately purchasing the logins and distributing them (most likely with stolen credit cards).
This should be enough to get you started, let me know if you have any other questions.