never know what happened!
They never seem to have any clue as to how their username/password got out! Has anyone actually had anyone admit to what they did?
I had one this morning, and while he did appologize, it was an "I am so sorry that this happened to your website, if there is anything I could do to remedy the situation I would, I really have no idea what happened or how my password got onto xxxxxfreeblahblah.com"
ICQ# 200-385-093
There are literally thousands of password trading sites who steal passwords using "exploits", "key -stroke loggers", "rootkits", "back doors", "packet-sniffing", etc. so there are times the surfer doesn't know they've been compromised.
I reset their password with an x1 at the end, showing it's their 1st offense and I explain to them how to get free spyware, antivirus software. If they don't do that and an x1 password shows up again, they are disabled
we force random userid/passwords on our members (I have not had one person complain about this either) because most of the time when we found password leaks in the past it was because they always use the same simple u/p for every site they join.
check your logs, when hackers come to visit you will notice the same series of u/p that get tested over and over again.
on this the best script i ever added to my site was a simple password tracker. basically each time a member logs in the first 2 parts of theire ip adress are recorded in a database against their name. if the script detects more than 5 differnt ips ( first 2 parts ) login in within a 24 hour period it blocked theire password, e-mails them a nice little e-mail explaining why they are blocked and how to correct it and copies me.
they can fix it upto 2 times before the account is canceled bu going to a special link that is contained in the e-mail and resetting to another password. usually they only ever have the issue one time.
simple, effective and best of all.. automatic.
before you all ask for copies ( wshich i would be happy to provide ) I have to let you know its written in asp.
Video feeds and content available to webmasters:
http://demo.collegeboyslive.com http://affiliates.collegeboyslive.com
If you get a LOT of passwords compromised, the cracker could have ripped your
password file. We can use strong encryption on your password file to prevent
that.
Do you do that automatically or does one need to ask for that specifically?Originally Posted by raymor
I love my strongbox :heart:
It's not done automatically as part of a Strongbox installation.
We probably should add it as an option on the order form or
something, though, or send you from the Strongbox order form
to a page with that information and a form where you can submit
the additional info we'd need. More info can be found at:
http://www.bettercgi.com/strongbox/passgen/
wow thanks for that link tons of information there! :thumbsup:
I've been getting a lot of comments on my myspace page that have links to videos that ask you to log in to myspace again once you click on them, which means that the friend who posted it has had their account hijacked by the very same fishing scheme. The thing that surprises me is that anyone still falls for that. I could see a few years ago when this shit was first starting but now? I guess I'm blissfully naive that I think people are a lot smarter than that.
Don Mike
DonMikeCali@gmail.com
Posting Permissions
Reply With Quote
Bookmarks