Results 1 to 4 of 4
  1. #1
    Join Date
    Jul 2003
    Posts
    180

    How do password sites get their passwords?

    Does anybody know how password sites get their passwords? The only way I can think of is through peer sharing or posting online. The reason why I'm asking this is because I have some pay sites that gets listed on their sites and I want to stop this ASAP. Thank you.

  2. #2
    Join Date
    Jun 2004
    Posts
    525
    Generally login username/passwords are obtained via brute force which can be stopped, couple of ideas:

    * You could limit a username to a certain amount of login attempts before freezing their account for a certain period of time.
    * Put some sort of restriction on passwords that can be used (IE. cannot be less than 6 characters, must contain numbers etc...)

    The other possibility of course is that people are legitimately purchasing the logins and distributing them (most likely with stolen credit cards).

    This should be enough to get you started, let me know if you have any other questions.
    System Administrator

  3. #3
    Join Date
    Mar 2003
    Location
    California USA
    Posts
    13,681
    Most of it is bruteforce. However many people that pay at paysites use the exact same login and password at multiple places, which makes it easy to get it listed becaue they just brute force them.

    sometimes places will get hacked and passwords lists stolen and then are used for bruteforcing..

    look up accessdiver
    Steven Ciaburri | Industry's Best Server Management - Rack911.com
    Software Auditing - 400+ Vulnerabilities Found - Quote @ https://www.RACK911Labs.com
    Fully Managed Dedicated Servers (Las Vegas, New York City, & Amsterdam) (AS62710)
    FreeBSD & Linux Server Management, Security Auditing, Server Optimization, PCI Compliance

  4. #4
    Join Date
    Jul 2003
    Posts
    180
    Thanks for the replies.

    You could limit a username to a certain amount of login attempts before freezing their account for a certain period of time.
    ^^ This sounds like a good idea because access from my sites are managed by .htaccess/.htpasswd files. The only thing is how.

    I'll give accessdriver a try. Thank you.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •