Results 1 to 4 of 4
-
12-25-2006, 05:06 PM #1Junior Guru
- Join Date
- Jul 2003
- Posts
- 180
How do password sites get their passwords?
Does anybody know how password sites get their passwords? The only way I can think of is through peer sharing or posting online. The reason why I'm asking this is because I have some pay sites that gets listed on their sites and I want to stop this ASAP. Thank you.
-
12-25-2006, 05:19 PM #2Web Hosting Evangelist
- Join Date
- Jun 2004
- Posts
- 525
Generally login username/passwords are obtained via brute force which can be stopped, couple of ideas:
* You could limit a username to a certain amount of login attempts before freezing their account for a certain period of time.
* Put some sort of restriction on passwords that can be used (IE. cannot be less than 6 characters, must contain numbers etc...)
The other possibility of course is that people are legitimately purchasing the logins and distributing them (most likely with stolen credit cards).
This should be enough to get you started, let me know if you have any other questions.System Administrator
-
12-25-2006, 05:20 PM #3Problem Solver
- Join Date
- Mar 2003
- Location
- California USA
- Posts
- 13,681
Most of it is bruteforce. However many people that pay at paysites use the exact same login and password at multiple places, which makes it easy to get it listed becaue they just brute force them.
sometimes places will get hacked and passwords lists stolen and then are used for bruteforcing..
look up accessdiverSteven Ciaburri | Industry's Best Server Management - Rack911.com
Software Auditing - 400+ Vulnerabilities Found - Quote @ https://www.RACK911Labs.com
Fully Managed Dedicated Servers (Las Vegas, New York City, & Amsterdam) (AS62710)
FreeBSD & Linux Server Management, Security Auditing, Server Optimization, PCI Compliance
-
12-25-2006, 06:19 PM #4Junior Guru
- Join Date
- Jul 2003
- Posts
- 180
Thanks for the replies.
You could limit a username to a certain amount of login attempts before freezing their account for a certain period of time.
I'll give accessdriver a try. Thank you.