How do they crack login data

 
 
Reply Thu 9 Oct, 2003 01:58 pm
Hi, I am running a website in the erotic entertainment business. My site is hosted on a Unix server. I also have an application which helps me limit unauthorized access attempts to my site (I receive daily reports with thousands of unauthorized attempts to log in). It blocks the IP after a threshold of 15 unsuccessful login attempts and it also warns me when an account is accessed simultaneously from different IPs, blocks the IP and the login data. When I receive this kind of report I change the login data of the member and inform him. Question: How do they find out the login data? I change my server password several times a week. Recently, a member replied to the info email regarding the login change and it sounded like I was guilty for his password and username were cracked. He asked me how this can be possible. What should I answer? I would like to know more about the vulnerabilities of a site. Any information is very much appreciated. Also, I have about 3000 reports with the IPs of the unauthorized login attempts. I have written several emails to the web police complaining about the attacks but they never answered. Is it possible to obtain info about the hacker by having the IP address?
Type: Discussion • Score: 1 • Views: 1,575 • Replies: 10

 
Craven de Kere
 
  1  
Reply Thu 9 Oct, 2003 03:00 pm
Please remove the link from your profile as linking to porn is not allowed on this site. Then I'll answer your question.
0 Replies
 
dragon25
 
  1  
Reply Thu 9 Oct, 2003 05:11 pm
hmmm......
Hold on, hold on..... they can read your IP address? Is that the problem? BTW, since you're running an erotic entertainment business you might help me with this. :wink: Go to the link below, please!! Thank you. Very Happy

http://able2know.com/forums/viewtopic.php?p=396788#396788
0 Replies
 
bondaget
 
  1  
Reply Thu 9 Oct, 2003 10:47 pm
link in profile
Sorry, didn't know this could be a problem. The link is out of my profile, so I would really appreciate some feedback. Craven?
0 Replies
 
husker
 
  1  
Reply Thu 9 Oct, 2003 10:55 pm
Sounds like you are not getting very good support from your provider. Them guys usually want to know about that - If it's a true hole the Red Hat Network guys are gunna want to know.
0 Replies
 
timberlandko
 
  1  
Reply Fri 10 Oct, 2003 12:04 am
Functioning pornsite username/password pairs are commonly posted in newsgroups, often by someone who in fact obtained the access info at least semi-legitimately; i.e. signing up with an at-the-time valid credit card or checking account, which itself may have been hijacked. The fraudulent nature of the transaction likely would not be discovered for an entire billing cycle, both yours and the issuing institution's. Newsgroup postings of URLs to images can contain session ID info, which could be useful to someone wishing to hack into the parent website. Password/username combinations used on public computers and on at-work or in-dorm machines can be relatively easily dug out by a not terribly sophisticated hacker-wannabe. Programs which unmask the characters beneath the asterisks of a password field are common. A known username can be tried with variations of a previously functioning password, particularly if the password is only a few characters in length and/or the username is a valid email address. WiFi sessions and all their data can be and are intercepted, and WiFi connections themselves can be hijacked. A user with network access to a computer from which your site is otherwise legitimately accessed has a fairly good chance of discovering the username/password pair. A malicious sort could have background keyloggers on computers which otherwise legitimately access your site. Perhaps your provider could do more to protect your interests, but you are not alone in your problem. It's a biggie in the "Adult Web".
I'm really interested to see what Craven has to say. I might pick up a new trick or two Twisted Evil
0 Replies
 
Craven de Kere
 
  1  
Reply Fri 10 Oct, 2003 12:56 am
timber pretty much covered it. Without access to the server (which I do not want nor would I accept) I can't say for sure but it sounds like you are not getting hit by brute force crackers (unless that 3000 number is low). If you were getting hit with a dictionary attack you would see many more attempts.

You also said that you have measures in place to block an IP after a certain number of attempts. That will thwart most dictionary attacks but for added security use visual confirmation ("type in the random letters") after 3 attempts so that it doesn't get to 15.

What timber said about password sharing is very relevant and is easily the most common way an adult webmaster gets screwed over.

There are many people out there selling passwords. They charge their customers and give away passwords to other sites.

That is easily the best clue for you to go after but then again you said a user accused you of letting the passwords be accessed.

That would be an exception if the problem were unauthorized password distributors. But it could have also been a bluff. I do not know the context but if the person got really angry and it sounded like it could have been contrived I might suspect that the protest is a red herring and that you might have pegged the distributor (just a wild guess, like I said I have no context to work with).

I do not know who you get your content from but some of the "turnkey" porn packages are thieves who will screw you over.

If you are using a third party you might want to investigate their integrity. ESPECIALLY if you are losing money with the deal while waiting to make it big.

I do not know the adult webmaster world well enough to know who does what but I have heard lots of noise from webmasters about content providers and third-party turnkey solutions that were scams.

As to how you can prevent the unauthorized access I really can't say for sure. You could have a compromised server or your authentication system could have holes. I can't tell you what you need to do because you really need a server administrator for this who knows every piece of software on the server and whether there are any known exploits.

If you are on a shared server (especially a shared server with other adult webmasters) you might have a local exploit going on. Remote exploits are many times rarer but if you are on a shared host and especially if the people you are sharing the server with are adult webmasters that could be a risk.

If you have a bought adult hosting product and others on your shared server have the same product the risk is even greater because if there is a local exploit the locals are even more likely to know about it.

As to your last question about identifying the IPs there is no legal way to do that.

I sympathize with your plight, I know how often ISPs are non-cooperative. It's actually an art knowing how to get ISPs to work with you. You need to write well, have documentation (server logs etc) and most of all you need to know a way that it can hurt them IF they refuse to cooperate.

I have used these tricks in the past:

I maintained ISP subscriptions for all the main ISPs. This way if one of them was problematic I'd ban their range of IPs and then use my customer account with them telling them how much I love this site I can suddenly no longer access with their ISP. I'd tell them I could access it "from work" so I will be changing ISPs soon.

I have also billed ISPs ridiculous amounts of money. Once an ISP was not taking action against a spammer who was constantly probing my formmail clone so I billed the ISP for 14,000 dollars. I made it look official and all, itemizing why the charges were being billed (bandwidth, man hours) and told them that as they were shielding their client they would be responsible for the bill.

It's a bluff but sometimes works. They gave me the name and address of the spammer and I promptly billed him. He signed a contract to stop accessing my server and I cancelled the bill.

Law enforcement won't get involved if the damage or theft is not over 10,000 dollars. So if you ever need law enforcement you sure as hell had better have had 10,000 dollars worth of information that was compromised or something.

One trick I have heard of but never tested is to have an insurance policy on your data that exceeds 10,000 dollars.

It worked like this. One dude "insures" another dude's server for over 10 grand. The price for the policy is ridiculously low and the terms are such that there will never be a payout but they used this as a way to get law enforcement to take action against their servers seriously. The "insurance" guy would call up the law enforcement and ISPs.

I do not know if it ever worked but the important lesson is that when it comes to servers and law enforcement they won't lift a finger unless you tell them there has been more than 10,000 dollars of damage.

Now it's possible to legally obtain knowledge about an IP user. But the methods never work with people who are out there to scam.

An average user will leave behind hundreds of identity clues. Someone who is using the internet maliciously won't. They will steal other people's AOL info and use their name. They will mask IPs or use non-cooperative proxies.

Ultimately even if you DO get their real IP they usually don't care and switch ISPs anyway.

So trying to identify them from an IP is usually futile if they have taken counter-measures. It's a pity, the average good guy can be tracked down more easily than the average bad guy.

The non-legal ways to pinpoint a user will not be worth it as you are probably looking to identify for legal reasons. If you hack to catch the hacker you have no case.
0 Replies
 
bondaget
 
  1  
Reply Fri 10 Oct, 2003 12:58 am
Many thanks for the replies (husker, timberlandko)! I will contact my host provider and see what he has to say. However, since I have installed the password protection software on my host server, the damage is produced more by the artificial traffic, which means bandwidth, than through the password cracks, since in a few minutes the user login is blocked and does not work anymore. Nevertheless, before I knew about this problem, I had a big surprise: I was watching how my traffic goes up higher and higher and was so "proud" about my webmastering skills, till my web hosting bill arrived. Instead of the usual $180 I had $4000 to pay (artificial traffic, unsuccessful login attempts)! Shocked This was a real damage and I did not understand that no official authority was interested in this matter, neither the local police station, nor the web police, etc. I knew that knowledge has its price but I didn't know that the price has so many zeros. Rolling Eyes
0 Replies
 
Craven de Kere
 
  1  
Reply Fri 10 Oct, 2003 01:03 am
Hmm, with that much of a jump in traffic you may well be getting hit with a brute force or dictionary attack.

Unless they are getting downloads a jump like that is almost certainly automated.

Besides blocking access to an IP that is trying to log in too many times you might consider a stronger approach.

Require cookies for all log-ins and then block attacking IPs from the server, not just the authentication.

Make sure you are poring over your logs; another possibility is that your host is pulling a fast one.

A jump like that is stupendous. It would not be possible to miss if you have half an eye on the logs. Make sure they are charging you for real traffic.
0 Replies
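An added example, not part of any post in this thread: one way to pore over the logs as suggested above, applying the thresholds mentioned in the thread (challenge after 3 failed logins, block after 15) and the shared-account check the original poster describes. It assumes Apache common log format with failed logins recorded as HTTP 401; the log lines, IPs and usernames are constructed, and treating "same log window" as "simultaneous" is a simplification.

```python
import re
from collections import Counter, defaultdict

# Thresholds taken from the thread: challenge after 3 failures, block after 15.
CAPTCHA_AFTER = 3
BLOCK_AFTER = 15

# Assumption: Apache common/combined log format, failed logins logged as 401.
LINE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[[^\]]+\] "[^"]*" (?P<status>\d{3}) (?P<size>\d+|-)'
)

def analyse(lines):
    """Return (action per IP, accounts seen from several IPs, bytes spent on failures)."""
    failures = Counter()
    wasted_bytes = 0
    ips_per_user = defaultdict(set)
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # skip malformed lines rather than guessing
        ip, user, status = m["ip"], m["user"], m["status"]
        if status == "401":
            failures[ip] += 1
            if m["size"] != "-":
                wasted_bytes += int(m["size"])  # traffic the host still bills for
        elif status.startswith("2") and user != "-":
            ips_per_user[user].add(ip)
    actions = {}
    for ip, n in failures.items():
        if n >= BLOCK_AFTER:
            actions[ip] = "block"      # candidate for a server-level block
        elif n >= CAPTCHA_AFTER:
            actions[ip] = "captcha"    # visual confirmation before more tries
    shared = {u: sorted(ips) for u, ips in ips_per_user.items() if len(ips) > 1}
    return actions, shared, wasted_bytes

def make_sample():
    """Constructed sample log (documentation IP ranges, made-up usernames)."""
    fmt = '{ip} - {user} [10/Oct/2003:01:00:{s:02d} +0000] "GET /members/ HTTP/1.0" {st} {sz}'
    log = [fmt.format(ip="192.0.2.10", user=f"guess{i}", s=i, st=401, sz=480) for i in range(16)]
    log += [fmt.format(ip="198.51.100.7", user="alice", s=i, st=401, sz=480) for i in range(4)]
    log += [fmt.format(ip="203.0.113.5", user="bob", s=30, st=200, sz=5120),
            fmt.format(ip="203.0.113.99", user="bob", s=31, st=200, sz=5120)]
    return log

if __name__ == "__main__":
    print(analyse(make_sample()))
```

The byte total for failed requests gives a figure to compare against the host's traffic bill.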
 
bondaget
 
  1  
Reply Fri 10 Oct, 2003 01:12 am
Wow Craven,

this was a detailed reply. It feels good to see that finally, someone cares about one's problems. I really can use this (especially the 10.000 limit).. Thanks a lot!
0 Replies
 
Craven de Kere
 
  1  
Reply Fri 10 Oct, 2003 01:21 am
No problem. The 10,000 limit for FBI involvement is sad, it's even sadder that even with that much loss they still sometimes do not get involved.

Cyber-security is lagging BIG time. The government's techies are rarely as good as the private sector and a very small percentage are ahead of hackers.
0 Replies
 
 
