Tech Combating Piracy in your Members Area

[Bladewire]

There is a thief uploading my updates to tube sites within a couple hours of them going live.

Does anyone have some tips or solutions to combating this kind of theft in your members area? My updates instantly lose value, and I lose money, when they are uploaded WITHIN HOURS to a tube and file locker site.

Any tips and advice are appreciated

[Klen]

Well for start check do you have any hacked accounts,it is often how such users dont even buy membership,they just hack someone else account or even find security hole in your system.

[SplatterMaster]

What Klen said. If you don?t have member management software, consider getting it. It will make looking at member?s activities easier. Without member management software you?ll need to look at server logs.

If you allow members to pick their own username and password you should know that hundreds of them have already been hacked. Pirates just brute forces with those known usernames and passwords until they find one that works. Then they rip your site and post it all over the web.

[Bladewire]

Quote:

Originally Posted by KlenTelaris

Well for start check do you have any hacked accounts,it is often how such users dont even buy membership,they just hack someone else account or even find security hole in your system.

What kind of security holes? Where would I begin to look?

[Bladewire]

Quote:

Originally Posted by SplatterMaster

What Klen said. If you don?t have member management software, consider getting it. It will make looking at member?s activities easier. Without member management software you?ll need to look at server logs.

If you allow members to pick their own username and password you should know that hundreds of them have already been hacked. Pirates just brute forces with those known usernames and passwords until they find one that works. Then they rip your site and post it all over the web.

I use ProxyPass for my member management system.

I do let members choose their own user/pass, maybe I should change that. I just felt them choosing their own login credentials makes the site more user friendly.

[SplatterMaster]

Quote:

Originally Posted by Squirtit

I do let members choose their own user/pass, maybe I should change that. I just felt them choosing their own login credentials makes the site more user friendly.

It does and it?s not that bad of a thing. Just be aware that a lot of usernames and passwords are shared and are already known. Some members will use the same username and password all across the web. Pirates usually protect these usernames and password and will not share them so 1 or 2 IPs may not trigger your management software. You may have to check manually.

[Klen]

Quote:

Originally Posted by Squirtit

What kind of security holes? Where would I begin to look?

You could begin by looking at password sites to see is there any u/p of your sites shared there,and then check does those u/p works.

[Bladewire]

Quote:

Originally Posted by SplatterMaster

It does and it?s not that bad of a thing. Just be aware that a lot of usernames and passwords are shared and are already known. Some members will use the same username and password all across the web. Pirates usually protect these usernames and password and will not share them so 1 or 2 IPs may not trigger your management software. You may have to check manually.

Yeah I'm surprised at the number of blocks ProxyPass does for certain usernames accessing from multiple countries, and the user never emails to complain, they still pay, blocked, sometimes for weeks. I will definitely check the IP's now to weed out this guy, thanks for that tip I appreciate it. Amazing how just one person can effect your bottom line so much.

Any other tips or advice?

[WDF]

Considering the average net user recycles usernames and passwords on multiple sites any leaked database becomes a username and password list.

[AdultKing]

One word, steganography.

[stoka]

even considered it's a regular member, a tube owner or a someone linked to tube owners, getting the freshest content for a funny amount of money? getting tens of thousands bookmarks a month for 30 bucks?

[Bladewire]

Quote:

Originally Posted by AdultKing

One word, steganography.

Ha! Gotcha, and thanks for that ;) Potentially a LOT of work.

So we have this ^ and weeding out by IP by combing through logs, in addition to member management software & possibly not letting users choose their own login credentials.

I know there has to be more yeah?

Proactive:

Member management software
Users don't choose logins credentials
and AdultKing's mention

Reactive:

Comb through logs

[Bladewire]

Here's a real time example:

Just got a subscription notice from CCBill with a username I randomly remember being blocked a lot previously.

I instantly manually block the name and check his signup info. User is from China, signed up using a US IP. His previous subscriptions are from all different IP's from other countries, not China.

As I'm looking up his history in CCBill I notice ProxyPass blocking lots of Chinese & Canadian IP's trying to login. As I type this now I've got 3 new block notices.

[The Porn Nerd]

I also use ProxyPass for my sites. But let me just say this:

You cannot 100% avoid piracy because a legit paying Member may be the culprit. Someone who works for a tube maybe?

Do you fingerprint your vids? Easier to track. Do you insert each members IP into the video halfway through? LOL This may work for streaming....but really, if it's a paying Member there's no way to totally stop it. I hope I am wrong! LOL

Good luck man, that sucks.

[Bladewire]

Quote:

Originally Posted by The Porn Nerd

You cannot 100% avoid piracy because a legit paying Member may be the culprit. Someone who works for a tube maybe?

I agree. I'm just trying to find tools that will help me weed these guys out, or stop them from subscribing in the first place, without turning off to many honest paying members in the process.

Quote:

Originally Posted by The Porn Nerd

Do you fingerprint your vids? Easier to track. Do you insert each members IP into the video halfway through?

I'd like to insert their username into the video. Do you know of a solution that does this? I've looked high and low and cannot find a thing that will get their username on the fly and insert into the video. This would be a big help to my business if it's affordable.

[PiracyPitbull]

Another possibility to bare in mind is password trading amongst seemilngly good members. It's not uncommon for a member who has joined your site many times and appears good on paper, to actually trade passwords with others in order to get access to more member areas of their interest.

We catch quite a few each month doing this and they always have a good number of various website passwords that they want to trade for others. One client had a member who had been joining many of their programs different websites since 2006 and there he was, trading his passwords throughout that whole time for others that he wanted. You only need one of those guys to trade with the wrong person.

[Bladewire]

Quote:

Originally Posted by PiracyPitbull

Another possibility to bare in mind is password trading amongst seemilngly good members. It's not uncommon for a member who has joined your site many times and appears good on paper, to actually trade passwords with others in order to get access to more member areas of their interest.

We catch quite a few each month doing this and they always have a good number of various website passwords that they want to trade for others. One client had a member who had been joining many of their programs different websites since 2006 and there he was, trading his passwords throughout that whole time for others that he wanted. You only need one of those guys to trade with the wrong person.

That's great insight thank you

I completely understand paying members doing a little password trading with paying members of other sites. If one of them did trade with the wrong guy that's doing all this damage then it really kinda sucks because I'm putting a lot of time and effort into getting rid of the bad guy, time I'd usually be using focusing on content, site improvements, etc.

[WDF]

Did you check bugmenot to see if your site is listed?

[Bladewire]

Quote:

Originally Posted by WDF

Did you check bugmenot to see if your site is listed?

I didn't know about that site thanks for the heads up.

My sites are listed there. From the top rated logins I checked, none are valid. I also checked out their chrome & firefox extension. Pretty messed up that the extension has access to the users web & browsing data, which I would assume could include login info as you type. just fueling the flame wow. Thanks again I appreciate it

[SplatterMaster]

Quote:

Originally Posted by Squirtit

Here's a real time example:

Just got a subscription notice from CCBill with a username I randomly remember being blocked a lot previously.

I instantly manually block the name and check his signup info. User is from China, signed up using a US IP. His previous subscriptions are from all different IP's from other countries, not China.

As I'm looking up his history in CCBill I notice ProxyPass blocking lots of Chinese & Canadian IP's trying to login. As I type this now I've got 3 new block notices.

Some software you can block certain countries completely Not sure if Proxy Pass can do that or not.

[Bladewire]

Quote:

Originally Posted by SplatterMaster

Some software you can block certain countries completely Not sure if Proxy Pass can do that or not.

Ok great suggestion thanks

I was also thinking of going through the members IP's and checking if they belong to a VPN service. Do you think that would be useful? I'm going to add it to the list for now.

So far -

Proactive:

Member management software
Users don't choose logins credentials
and AdultKing's mention
Country blocking software

Reactive:

Comb through logs for user accesses using multiple IP's
Check if user's IP is from VPN service



I know there's more, anymore suggestions?

.

[Klen]

Quote:

Originally Posted by Squirtit

Ok great suggestion thanks

I was also thinking of going through the members IP's and checking if they belong to a VPN service. Do you think that would be useful? I'm going to add it to the list for now.

So far -

Proactive:

Member management software
Users don't choose logins credentials
and AdultKing's mention
Country blocking software

Reactive:

Comb through logs for user accesses using multiple IP's
Check if user's IP is from VPN service



I know there's more, anymore suggestions?

.

Extra security steps wont harm you in any way,after all while might not be useful today it will be useful tomorrow,since you can never know what tomorrow can happen.Also if you going to block countries i suggest to use csf firewall since that is easiest way to do it.

[PiracyPitbull]

Also get ccbill or whatever billing processor you use to rebuild your password file. Sometimes, a cancellation doesn't actually delete the user/pass from the file. We've come across a number of situations where the password is old, no ones paying for it but it still gives member area access and people are using it.

[mikesouth]

Quote:

Originally Posted by PiracyPitbull

Also get ccbill or whatever billing processor you use to rebuild your password file. Sometimes, a cancellation doesn't actually delete the user/pass from the file. We've come across a number of situations where the password is old, no ones paying for it but it still gives member area access and people are using it.

I see this quite a bit as well.

[WDF]

Sometimes the drop/delete cron never runs.

Or it is misconfigured and drops the account but does not drop the log in and pass.

[WDF]

Quote:

Originally Posted by Squirtit

I didn't know about that site thanks for the heads up.

My sites are listed there. From the top rated logins I checked, none are valid. I also checked out their chrome & firefox extension. Pretty messed up that the extension has access to the users web & browsing data, which I would assume could include login info as you type. just fueling the flame wow. Thanks again I appreciate it

Everyone running a site of any kind requiring log ins for accounts should be checking that site or searching for password list on search engines.

[AdultKing]

Quote:

Originally Posted by Squirtit

Ha! Gotcha, and thanks for that ;) Potentially a LOT of work.

Copy Control has already developed some prototype software that will imprint onto images (we haven't tackled video yet but the concept is the same) but it's got a simple API and will run anywhere you can run PHP & ImageMagick and allows unique invisible watermarking of up to 28 characters of text.

It survives cropping, resizing, reformatting image type and other changes of up to 60% of the image.

One of the things I hope that Adult IP will take up is providing such tools at low cost to it's members, which will also help with combatting piracy as we'll know exactly who's responsible.

[SplatterMaster]

Quote:

Originally Posted by AdultKing

Copy Control has already developed some prototype software that will imprint onto images (we haven't tackled video yet but the concept is the same) but it's got a simple API and will run anywhere you can run PHP & ImageMagick and allows unique invisible watermarking of up to 28 characters of text.

It survives cropping, resizing, reformatting image type and other changes of up to 60% of the image.

One of the things I hope that Adult IP will take up is providing such tools at low cost to it's members, which will also help with combatting piracy as we'll know exactly who's responsible.

I?m going to guess most sites deliver images in zip files. Does this software mark images, then zip them all and deliver them to the consumer? If so does it do it without making the consumer wait or eat up a bunch of processor speed or memory? Sounds interesting.

[AdultKing]

Quote:

Originally Posted by SplatterMaster

I?m going to guess most sites deliver images in zip files. Does this software mark images, then zip them all and deliver them to the consumer? If so does it do it without making the consumer wait or eat up a bunch of processor speed or memory? Sounds interesting.

At the moment it will:

Grab a zip file (or any archive file) of images, mark them with the data you supply via command line or function call, re-archive them and let them download. Providing you already supply a direct download link to the zip file then it's invisible to the user.

On the other side of the equation our crawlers have the built in capacity to detect those image files and then flag if they are found on the sites we crawl. Then our back end system can catalog them into infringements if they are found on one of the target sites in our database.

I suspended development of it while we worked on other things, but it's a proof of concept, it works well from our testing and is just the kind of tool that we should be providing to members of Adult IP when it's ready for release.

[iwantchixx]

Quote:

Originally Posted by Squirtit

There is a thief uploading my updates to tube sites within a couple hours of them going live.

Does anyone have some tips or solutions to combating this kind of theft in your members area? My updates instantly lose value, and I lose money, when they are uploaded WITHIN HOURS to a tube and file locker site.

Any tips and advice are appreciated

Set to streaming-only and encrypt the video file url. Then, overlay unique user id in random spots in video using an overlay above the video player. Set in random coordinates. Make it so they would only notice it if they payed attention to every second of video. If they resort to screen recording and miss it, you got them. Throw the book at them.

You can also (with a bit of programming) stamp the video file properties with unique member ids so if the pirate is able to decrypt the video file url and upload to torrents, you can trace back to the member.

Of course, a very very clever thief will easily bypass all this shit

[The Porn Nerd]

Quote:

Originally Posted by iwantchixx

Set to streaming-only and encrypt the video file url. Then, overlay unique user id in random spots in video using an overlay above the video player. Set in random coordinates. Make it so they would only notice it if they payed attention to every second of video. If they resort to screen recording and miss it, you got them. Throw the book at them.

You can also (with a bit of programming) stamp the video file properties with unique member ids so if the pirate is able to decrypt the video file url and upload to torrents, you can trace back to the member.

Of course, a very very clever thief will easily bypass all this shit

This, and get CCBill to periodically rebuild all your password files. Members of my networks get access to every website so it's one password file, which is easier to keep an eye on for me. They just did this earlier this week for me.

Blocking countries like Russia, China and India (along with many eastern european countries) can help. Do some research on where the majority of your Members come from.

Lots of people use proxy servers and VPNs so as not to be seen viewing porn. Family, job or religious reasons maybe.

Finally, if you don't already, employ Remove Your Content and have those guys monitor your stuff. Each month they will take down literally thousands of links for you.

PS: Old-school tip. Watermark your vids on the lower-left corner instead of lower-right corner. This is for Members Area vids only. This way, the pirated stuff will be easier to spot plus some tubes do not allow such watermarks (they all want it on the lower-right corner) so they would inadvertantly help. Plus makes it easier for companies like RYC to spot stolen stuff. PLUS it helps with branding since lower-left corner is unusual so more memorable.

[AmeliaG]

Quote:

Originally Posted by PiracyPitbull

Also get ccbill or whatever billing processor you use to rebuild your password file. Sometimes, a cancellation doesn't actually delete the user/pass from the file. We've come across a number of situations where the password is old, no ones paying for it but it still gives member area access and people are using it.

Yes, definitely do this. I regularly have all SpookyCash's billers supply a text file with usernames and encrypted passwords and rebuild the password file. If you use more than one biller, the process is smoother if you do it yourself, rather than just giving billers FTP and hoping they edit at the same time and don't overwrite each other.

[SplatterMaster]

Quote:

Originally Posted by AdultKing

At the moment it will:

Grab a zip file (or any archive file) of images, mark them with the data you supply via command line or function call, re-archive them and let them download. Providing you already supply a direct download link to the zip file then it's invisible to the user.

On the other side of the equation our crawlers have the built in capacity to detect those image files and then flag if they are found on the sites we crawl. Then our back end system can catalog them into infringements if they are found on one of the target sites in our database.

I suspended development of it while we worked on other things, but it's a proof of concept, it works well from our testing and is just the kind of tool that we should be providing to members of Adult IP when it's ready for release.

let us know when you have it fully functional.