StrongBox Rocks

[Lee]

Apparently :thumbsup:

I just downloaded close to 100 emails telling me that someone is trying to bruteforce http://www.underweardudes.com

Im guessing they dont realize that we have StrongBox installed on all of our paysites LOL

Wonder how long they are going to continue the attempts? If its a surfer, wouldnt it just be easier to buy a membership? LOL

Regards,

Lee

[Chilihost]

its likely a bot hitting your site, they hit paysites all the time. After a little while strongbox will block all their IP addresses (it takes a bit of time as they usually cycle thru hundreds or thousands of proxy servers).

One hint: when using ccbill, make sure you force RANDOM userids and passwords. This will get rid of about 80% of all successful hacks as people are so bloody lazy they use the same userid & password for every paysite they ever join and even though your server might be secure, someone else's will not be and they can rip an htpasswd file from them and use it to gain entry on your site.

cheers,
Luke

[raymor]

Thanks for your posts, gentleman. Lee, when you said you got close to 100 emails
that kind of suprised me because by default Strongbox is configured to send no
more than 25 emails per day. I checked underweardudes.com and sure enough
there was a little bug to where it would send up to 25 emails in 2.4 hours.
I fixed that. If you'd like to adjust the number of emails allowed per day here's
more info on that:
http://www.bettercgi.com/strongbox/m...addresses.html

Luke, I've always been kind of torn because while it's certainly true what you say
about using random user names and passwords being much more secure, they are
also a pain the butt for the user. I hate it when a site assigns me a random user
name and password. I much prefer to be able to login here at GWW without
having to look up some random user / pass like "lI*8n;tT5" and "ht9N%8*Fr" every time.
I figured you'd have the best of both world's by using CCBill's password list
upload feature to upload a list of user names and passwords that were a bit easier
to remember than "ht9N%8*Fr". I wrote a little script to generate these pairs.
They aren't english words, so they won't be in a hackers dictionary, but they are
easier to remember than "ht9N%8*Fr". Examples of passwords my script made
are "spitskido", "blizle", "premec", and "frucsphin". That tool along with illustrated
instructions can be found at:
http://www.bettercgi.com/strongbox/passgen/

[JustBryce]

Hello Ray,

Its good to see you are still kicking. Are you getting our emails about amateurhunks.com and muchachos.com? John has been trying for a few days now. Maybe our emails are getting blocked or something?

[raymor]

Bryce, I don't see any emails about either of those two sites.
I do have a couple of emails from a John about some re-installs
on some other sites, which we'll try to get done today.
My one helper / installer is gone for two weeks and I need to
hire another because clearly I'm not keeping up with getting
everything doen fast enough.

[JustBryce]

Ray,

Any news on those reinstalls yet?

Bryce

[raymor]

Bryce as I mentioned I don't have an order or any emails mentioning either
of those two sites. If you're email isn't getting to me please try calling us
at 1-979-530-1300. Thanks.