GoFuckYourself.com - Adult Webmaster Forum

Thread: Password Hacking/Cracking (https://gfy.com/showthread.php?t=1009071)

Mutt 02-05-2011 10:20 AM

Password Hacking/Cracking
 
the last few days Password Sentry has been suspending usernames like crazy, way above normal. i haven't paid attention to the password scene in years, back then most of the u/p's were cracked/guessed by brute attacks with wordlists of common usernames and passwords.

i noticed a thread on here not long ago where a guy said that's old technology now to these guys, that they now use password sniffing software. how does password sniffing work?
and is there anything I can do to defend against it?

Jack Sparrow 02-05-2011 10:24 AM

Best defense is removing gfy signatures that are bigger than allowed.

alias 02-05-2011 10:24 AM

What sig?

Machete_ 02-05-2011 10:28 AM

seriously, fuck off with your huge ass sig

Tam 02-05-2011 10:31 AM

The software works like any other software that does as it is supposed to do. You input sites that are password protected and the criteria asked for in them, as each one is different and then you start it and let it run, it'll output passwords that are valid at the time it hit that site in the criteria set... it'll be valid until it is killed by you.... that's about the long and short of it.

Barefootsies 02-05-2011 10:33 AM

Quote:

Originally Posted by Jack Sparrow (Post 17895564)
Best defense is removing gfy signatures that are bigger than allowed.


SmokeyTheBear 02-05-2011 10:41 AM

several ways to "sniff" passwords, you can set up a wireless network to spy on users, basic keyloggers, proxies, trojaned computers, etc etc

Mutt 02-05-2011 10:41 AM

Quote:

Originally Posted by Machete_ (Post 17895576)
seriously, fuck off with your huge ass sig

seriously, fuck off with new nicknames when nobody noticed your drivel under the old one

get a room with mrfrisky and smell it up with the stench of ass

Mutt 02-05-2011 10:42 AM

Quote:

Originally Posted by SmokeyTheBear (Post 17895596)
several ways to "sniff" passwords, you can set up a wireless network to spy on users, basic keyloggers, proxies, trojaned computers, etc etc

but what's the most common method used these days by the password crowd on IRC and the web?

Robbie 02-05-2011 10:49 AM

Most common is that a server has been compromised in my opinion.

The password file is then there for the taking (or the NATS database depending on what you have).

I was talking to John Scarpa at Swiftwill and he told me that every server that has been moved over to them is gone through by his team, and every one of them had been compromised. EVERY one of them!

That was pretty shocking to me.

I've also found that a lot of people don't have secure email.
I use phantomfrog to catch and stop all that password abuse, and when I see a particular person's user/pass getting slammed constantly, I contact them. I tell them to change their email password and that usually stops their user/pass from being abused instantly.

Had a lot of members thank me profusely for showing them that their email account had been hacked...

woj 02-05-2011 11:06 AM

Quote:

Originally Posted by Mutt (Post 17895597)
seriously, fuck off with new nicknames when nobody noticed your drivel under the old one

get a room with mrfrisky and smell it up with the stench of ass

those animated gifs are 15MB, the girls are hot, but don't be stupid dude... :2 cents:

Mutt 02-05-2011 11:09 AM

Quote:

Originally Posted by woj (Post 17895646)
those animated gifs are 15MB, the girls are hot, but don't be stupid dude... :2 cents:

woj are you on dialup?

DBS.US 02-05-2011 11:26 AM

Quote:

Originally Posted by woj (Post 17895646)
those animated gifs are 15MB, the girls are hot, but don't be stupid dude... :2 cents:

Ask your roommates to kick in a few bucks each and get high speed internet :2 cents:

amateurbfs 02-05-2011 11:35 AM

Quote:

Originally Posted by Mutt (Post 17895656)
woj are you on dialup?

Have some respect for the rules.

BV 02-05-2011 11:37 AM

Quote:

Originally Posted by Mutt (Post 17895656)
woj are you on dialup?

No, Woj is on DSL, but he usually has a bunch of Gay Twink & Tranny torrents downloading. :1orglaugh

Mickey Mouse 02-05-2011 11:44 AM

Email security is so important yet so few people even realize it. Gmail does a great job and always has with their SSL and they have many other minor features implemented to help prevent people from getting your password, and if they do you can check the logs and should be able to find out. Picking good passwords is also important. Not using the same password also helps, as if they get one, many people will try the same password at other sites--including your email, as so many people are too lazy to use different passwords. If remembering passwords is a chore for you try 1Password (if you are on a Mac).

Never use anyone else's computer and stay far far away from any Internet cafe as you can probably assume they're collecting your info. Use a VPN if using wifi if you are really concerned.

Yet I think your questions are more about your server. Make sure the location of your file is below your public files. You might wanna change your site/server passwords if you haven't done so in awhile as maybe someone has access. Password Sentry I think has an anti-brute-force plugin so check into that. I hear they're coming out with a major upgrade for that soon and I'm looking forward to learning what neat features it has built in.

Sniffing isn't something you can do much about as it's mostly on your customers' end, but I'd doubt that's a major issue with people getting endless amounts of your passwords. I would say check your password file location, change your passwords, and look into brute force prevention by checking the PS plugin.

Oh, one last thing, consider getting a monthly subscription to a security company. I use a company which for just $100 a month they make sure my server is secure and they monitor it 24/7 and will handle issues and alert me when there is a problem. I also check with them first before installing different programs to make sure I am not creating a security hole--a few times they've even warned me against some programs and suggested more secure options and they'll even install them for me at no extra costs if I want.

DWB 02-05-2011 11:54 AM

Quote:

Originally Posted by Mickey Mouse (Post 17895709)
Oh, one last thing, consider getting a monthly subscription to a security company. I use a company which for just $100 a month they make sure my server is secure and they monitor it 24/7 and will handle issues and alert me when there is a problem. I also check with them first before installing different programs to make sure I am not creating a security hole--a few times they've even warned me against some programs and suggested more secure options and they'll even install them for me at no extra costs if I want.

Who are you using?

gleem 02-05-2011 12:30 PM

Weird thing is I've had whole blocks of passes stolen that are billed by epoch or netbilling but almost never the other 5 billers & gateways I have. So basically when you have 3rd party or gateway billers for your merch, you gotta worry about their security practices too.

I use securitymetrics.com to keep my nats servers PCI compliant which I'm hoping is enough to detect the nasties in addition to the host setups. If there is something better I'd love to hear!

Mr Happy 02-05-2011 01:04 PM

Try PhantomFrog.com. Not only does it work great, it detects multiple IPs and changes passwords as soon as it detects passwords used from multiple IPs.

It also allows you to limit how much content the user downloads.

http://PhantomFrog.com

gaffg 02-05-2011 01:18 PM

interesting security discussion

MasterM 02-05-2011 01:26 PM

1) are all nats own servers 100% ok ?
2) are your servers exploitable ?
3) get proxypass or phantomfrog

TeenCat 02-05-2011 01:29 PM

some billers are completely hacked, usernames, passwords, emails, ccs and so ... then it's not hard to make a fresh combolist or to get into members' emails ... there will always be a lot of people trying their best to get somewhere, always, and it's sad but they are and always will be mostly successful :) :2 cents:

Jack Sparrow 02-05-2011 02:04 PM

Does eric approve of wayyy too big sigs nowadays?

Agent 488 02-05-2011 02:18 PM

who cares how big a sig is? get a life.

Jack Sparrow 02-05-2011 02:25 PM

You cared in the other thread, now you don't? Is your bot failing :) jk

TeenCat 02-05-2011 02:26 PM

or get a date in mexico

Machete_ 02-05-2011 02:33 PM

links pulled

seeandsee 02-05-2011 02:56 PM

only protection total is to unplug it :)

TCLGirls 02-05-2011 06:51 PM

Quote:

Originally Posted by Jack Sparrow (Post 17895913)
Does eric approve of wayyy too big sigs nowadays?

You're complaining about two smoking hot chicks kissing each other?

LOL you know how I know you're gay?

Angry Jew Cat - Banned for Life 02-05-2011 09:52 PM

I'd listen to the guy who has hundreds of cracked GFY usernames... :1orglaugh


There's still people using AccessDiver :2 cents:

gmr324 02-07-2011 04:13 PM

Thanks for mentioning PhantomFrog Robbie, Mr. Happy and MasterM

Whether passwords are compromised as a result of sniffing software, email intrusion, server intrusion or brute force attacks, the main priority should be detecting the password abuse and ending the cycle of abuse on the first unauthorized attempt.

PhantomFrog has the most accurate and advanced password abuse detection via our exclusive Hi-Res Geo-IP pass abuse detection feature. Making a webmaster's life even easier is what our Automated Member Support (AMS) feature does by providing 24/7 uninterrupted access to paying members and none to hackers. This is all accomplished without the intervention of the webmaster, freeing them up to do more important work like content development and site promotion. PhantomFrog also provides Bandwidth Abuse and Brute Force Attack Protection features, rounding out the premium protection that we offer for your sites and your members.

Click Here To Learn More About PhantomFrog

Click Here To Install Our Free Trial


Many Thanks

George

fris 02-07-2011 04:41 PM

most of the people use a dictionary list, and have it running all day with proxies until it cracks them.

depends if you have a popup password (htaccess) or not.

ladida 02-07-2011 06:48 PM

Quote:

Originally Posted by fris (Post 17900071)
most of the people use a dictionary list, and have it running all day with proxies until it cracks them.

No one does this
Quote:

depends if you have a popup password (htaccess) or not.
Does not matter.

d-null 02-07-2011 10:21 PM

Quote:

Originally Posted by ladida (Post 17900245)
No one does this

.

yes, some people do do this, recently I had a site under attack for weeks in that exact way :2 cents:

MrDeiz 02-08-2011 03:45 AM

Quote:

Originally Posted by TeenCat (Post 17895857)
some billers are completely hacked, usernames, passwords, emails, ccs and so ... then it's not hard to make a fresh combolist or to get into members' emails ... there will always be a lot of people trying their best to get somewhere, always, and it's sad but they are and always will be mostly successful :) :2 cents:

sire, can i have gfy biller combo list sire? :helpme

mgtarheels 02-08-2011 03:47 AM

hey asshole, look on the first page of google for password sniffing software.

Look for the page titled:
What Is Password Sniffing?

ladida 02-08-2011 05:06 AM

Quote:

Originally Posted by d-null (Post 17900469)
yes, some people do do this, recently I had a site under attack for weeks in that exact way :2 cents:

No you didn't. Because they don't have enough proxies for that, and because all would get blocked very soon. Unless you have absolutely no protection at all and you're not even checking for IP so they can do it from 1 IP.
So again, no one does that. You probably had something else happen but you have no idea what, and your hosting/whoever just muttered up some excuse for a messup, or didn't want to explain to you what happened.

fris 02-08-2011 09:48 AM

Quote:

Originally Posted by ladida (Post 17900245)
No one does this

Does not matter.

accessdiver, that's how most of the password sites get them.

MasterM 02-08-2011 11:12 AM

accessdiver , goldeneye . and the better ones use : HAS , for £HAS_Command

:)

ArsewithClass 02-08-2011 11:34 AM

Today & yesterday we have also had our Strongbox program banged at... We used to have a problem with password hackers every few months. Since getting Strongbox, I've had little problems but too many Strongbox emails. I suppose that proves Strongbox works well :)

fris 02-08-2011 02:18 PM

ya strongbox is a good solution, people that still use pennywize or any htaccess method should be shot in the head.

MasterM 02-08-2011 03:52 PM

strongbox protected sites are not as protected as proxypass protected sites.

d-null 02-08-2011 04:10 PM

Quote:

Originally Posted by ladida (Post 17900904)
No you didn't. Because they don't have enough proxies for that, and because all would get blocked very soon. Unless you have absolutely no protection at all and you're not even checking for IP so they can do it from 1 IP.
So again, no one does that. You probably had something else happen but you have no idea what, and your hosting/whoever just muttered up some excuse for a messup, or didn't want to explain to you what happened.

you are wrong again

I am my own management, and I personally looked at the logs of the 24-hour-a-day attempts at brute forcing the passwords, and I also personally banned the IPs of the proxies they were using (they were using a lot). Anyways, they easily have enough proxies for that if the site admin doesn't bother to notice that they are doing it.

rowan 02-08-2011 07:36 PM

Quote:

Originally Posted by gleem (Post 17895771)
Weird thing is I've had whole blocks of passes stolen that are billed by epoch or netbilling but almost never the other 5 billers & gateways I have. So basically when you have 3rd party or gateway billers for your merch, you gotta worry about their security practices too.

Possibly related, I get spam sent to a unique email address I used for signing up to a few ccbill paysites. I don't know if it was the paysites or ccbill that were compromised.

I know there's been a few threads over the years with people offering billing records, probably wouldn't take much for an employee to quietly take a copy for themselves home...

ladida 02-08-2011 08:43 PM

Quote:

Originally Posted by fris (Post 17901506)
accessdiver, that's how most of the password sites get them.

Quote:

Originally Posted by fris (Post 17902155)
ya strongbox is a good solution, people that still use pennywize or any htaccess method should be shot in the head.

Wow, you live in the 90's. Accessdiver rofl. "htaccess method" wtf rofl. Yea, it mattered whether it was "htaccess" or "form" when you were in the 90s using accessdiver. Get with the program. Strongbox is horrible, so is pennywize.
Quote:

Originally Posted by MasterM (Post 17901742)
accessdiver , goldeneye . and the better ones use : HAS , for £HAS_Command
:)

Rofl @goldeneye, that's even worse than accessdiver.
HAS is not a bruteforcer, you shouldn't pretend to be something you aren't with exploit-naming tools.
Quote:

Originally Posted by d-null (Post 17902357)
you are wrong again
I am my own management, and I personally looked at the logs of the 24-hour-a-day attempts at brute forcing the passwords, and I also personally banned the IPs of the proxies they were using (they were using a lot). Anyways, they easily have enough proxies for that if the site admin doesn't bother to notice that they are doing it.

I'm not wrong. I fear for your "management" if that is what you banned.
a) They don't have infinite proxies. Actually they have very few lately (compared to the 90s when certain people last read "how to crack" tutors)
b) They don't run bots all day long because that's stupid for a number of reasons I already pointed out.
And just the notion you have to "personally ban IPs they were using" means you don't have an IP check for a number of tries on your login. Which in turn means they don't have to use proxies and can brute from 1 IP until you personally ban it again. They're smart enough to notice you're not banning proxies automatically and would not waste them in vain against such poor protection.
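Two detections come up repeatedly in this thread: the per-IP check on failed login attempts that ladida says any login should have, and the "same username from many IPs" check that Mr Happy describes PhantomFrog doing. The script below is an added example written for this page, not code from any poster, from PhantomFrog, Password Sentry or Strongbox; it runs both checks as sliding windows over a constructed auth log (the IPs, usernames and timestamps are made up, and the log format is assumed).

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample auth log (not from the thread): "timestamp client_ip username result".
# 203.0.113.10 cycles through usernames from one IP; "alice" logs in from four IPs in 20 minutes.
SAMPLE_LOG = """\
2011-02-08T03:00:01 203.0.113.10 alice FAIL
2011-02-08T03:00:02 203.0.113.10 bob FAIL
2011-02-08T03:00:03 203.0.113.10 carol FAIL
2011-02-08T03:00:04 203.0.113.10 dave FAIL
2011-02-08T03:00:05 203.0.113.10 erin FAIL
2011-02-08T03:00:06 203.0.113.10 frank FAIL
2011-02-08T03:05:00 198.51.100.5 alice OK
2011-02-08T03:10:00 198.51.100.6 alice OK
2011-02-08T03:15:00 192.0.2.77 alice OK
2011-02-08T03:20:00 192.0.2.78 alice OK
2011-02-08T03:30:00 198.51.100.9 bob FAIL
2011-02-08T03:30:30 198.51.100.9 bob OK
2011-02-08T14:00:00 192.0.2.100 bob OK
"""


def parse_log(text):
    """Return a time-ordered list of (timestamp, ip, user, success); malformed lines are skipped."""
    events = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        ts, ip, user, result = parts
        events.append((datetime.fromisoformat(ts), ip, user, result == "OK"))
    events.sort(key=lambda e: e[0])  # the sliding windows below assume time order
    return events


def find_bruteforce_ips(events, max_failures=5, window=timedelta(minutes=10)):
    """Map each IP that exceeds max_failures failed logins inside any sliding window
    to the ISO time at which it first crossed the threshold (the per-IP check)."""
    recent = defaultdict(deque)   # ip -> timestamps of failures still inside the window
    flagged = {}
    for ts, ip, _user, ok in events:
        if ok:
            continue
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > window:  # drop failures that have aged out of the window
            q.popleft()
        if len(q) > max_failures and ip not in flagged:
            flagged[ip] = ts.isoformat(timespec="seconds")
    return flagged


def find_shared_accounts(events, max_ips=3, window=timedelta(hours=1)):
    """Map each username successfully used from more than max_ips distinct client IPs
    inside the window to those IPs (the shared/stolen credential check)."""
    recent = defaultdict(deque)   # user -> (timestamp, ip) of successes still inside the window
    flagged = {}
    for ts, ip, user, ok in events:
        if not ok:
            continue
        q = recent[user]
        q.append((ts, ip))
        while ts - q[0][0] > window:
            q.popleft()
        ips = {seen_ip for _t, seen_ip in q}
        if len(ips) > max_ips and user not in flagged:
            flagged[user] = sorted(ips)
    return flagged


def analyze(text):
    """Run both detections over a raw log and return the results together."""
    events = parse_log(text)
    return {"bruteforce_ips": find_bruteforce_ips(events),
            "shared_accounts": find_shared_accounts(events)}


if __name__ == "__main__":
    print(analyze(SAMPLE_LOG))
```

On the sample data the first check flags 203.0.113.10 at the sixth failure (one IP trying many usernames is the pattern worth catching, not just many tries on one account), while 198.51.100.9, a member who mistyped once, stays clean. The second check flags "alice" after four successes from four IPs in twenty minutes, and leaves "bob" alone because his two IPs are eleven hours apart. The thresholds are the tuning knobs: members on mobile connections change IPs legitimately, so the window and `max_ips` should be set from your own access logs before the result is wired to an automatic password reset.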

