Everyone seems real concerned about letting the REAL user in and keeping out
everyone else.
I am currently working on a few adult sites myself, and there are a few
things to keep in mind about XXX_Password sites.
The one person who posts the UserID/PW on XXX_PW sites is just as guilty as
the 1000 who try to hit your box with the same UserID/PW. You don't need to
reset the logon_enabled every 10 minutes. Once an account gets >5 attempts
from 5 IP addresses in <5 minutes, it's a pretty safe bet that it can be
marked off the list as invalid.
If you reset the PW and email the new one to the owner, he'll post the new
password to the XXX_PW list and the whole thing will start again.
The best thing you can do is restrict it to 1 concurrent logon at a time,
and write a logon routine that can handle hundreds of invalid attempts per
minute (if it's possible).
Just my .02
Eric
-----Original Message-----
From: Steve Nelson [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, July 05, 2000 10:09 AM
To: [EMAIL PROTECTED]
Subject: Re: <CF_porn>...
I guess the question with this is.... which one do you allow or
disallow? What if the bad person logged in first and the good person
logged in within a couple minutes.... do you kick out the good person?
My thinking is that the account should get locked out somehow.
Maybe after the account has been compromised, it would kick all users
that are using that account out, then email the good person with a new
password. That would require the bad person to have to also break into
the user's email account. This would probably work great as long as the
person's email account is not also compromised.
Steve Nelson
Cameron Childress wrote:
>
> I would be interested in hearing about any solution you end up with. For
> the record, I don't run any porn sites...
>
> An idea: I would think that disallowing two logins with the same UN/PW
> would solve this problem.
>
> -Cameron
>
> -----Original Message-----
> From: Steve Nelson [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, July 05, 2000 9:36 AM
> To: Fusebox
> Subject: <CF_porn>...
>
> I have a slightly unusual question to ask.... Does anyone on this list
> manage a pornography site? (you can contact me off the list if you're
> weird about it)
>
> I'm asking, because I was just chatting with a CF developer who runs a
> porn site and he was talking about how every once in a while someone
> will buy an account and post the username and password on some 'free
> password list' website and then his site crashes because it can't handle
> the amount of requests.
>
> Anyway, if anyone has dealt with this issue, I'd love to chat about how
> they got around it for a security module I'm working on, or brainstorm
> on potential solutions.
>
> Steve Nelson
> ------------------------------------------------------------------------------
> To Unsubscribe visit
> http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/fusebox or
> send a message to [EMAIL PROTECTED] with 'unsubscribe' in
> the body.
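The lockout rule and the one-concurrent-logon restriction from Eric's message at the top of this thread, as an added example that is not code from any poster. It is written in Python rather than the list's ColdFusion; the class and function names, the reading of "from 5 IP addresses" as at least five distinct addresses, and the sample events are assumptions.

```python
from collections import defaultdict, deque

WINDOW_SECONDS = 5 * 60   # "<5 minutes"
MAX_ATTEMPTS = 5          # flag on ">5 attempts"
MIN_DISTINCT_IPS = 5      # "from 5 IP addresses" (assumed: at least 5 distinct)


class SharedAccountGuard:
    """Tracks logon attempts per account and disables accounts that look posted."""

    def __init__(self):
        self.attempts = defaultdict(deque)   # user_id -> deque of (timestamp, ip)
        self.disabled = set()                # accounts marked invalid
        self.active_ip = {}                  # user_id -> IP holding the one session

    def logon(self, user_id, ip, now, password_ok=True):
        """Return 'ok', 'denied', 'busy' or 'disabled' for one logon attempt."""
        if user_id in self.disabled:
            return "disabled"                # cheap early exit under heavy load
        window = self.attempts[user_id]
        window.append((now, ip))             # correct passwords count as attempts too
        while window and now - window[0][0] >= WINDOW_SECONDS:
            window.popleft()                 # drop attempts older than the window
        distinct_ips = {addr for _, addr in window}
        if len(window) > MAX_ATTEMPTS and len(distinct_ips) >= MIN_DISTINCT_IPS:
            self.disabled.add(user_id)       # mark invalid; no timed re-enable
            self.active_ip.pop(user_id, None)  # end the current session as well
            del self.attempts[user_id]
            return "disabled"
        if not password_ok:
            return "denied"
        holder = self.active_ip.get(user_id)
        if holder is not None and holder != ip:
            return "busy"                    # one concurrent logon per account
        self.active_ip[user_id] = ip
        return "ok"

    def logoff(self, user_id):
        self.active_ip.pop(user_id, None)


def replay(events):
    """Run constructed (user_id, ip, timestamp) events through a fresh guard."""
    guard = SharedAccountGuard()
    return [guard.logon(user, ip, ts) for user, ip, ts in events]


# Constructed sample: one UserID tried from seven addresses, ten seconds apart.
SAMPLE = [("member1", f"198.51.100.{n}", 10 * n) for n in range(1, 8)]
```

Because a disabled account returns before any password check or session lookup, the flood of requests that follows a posted password costs one set lookup each.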