Strongbox ROCKS!
I have one word to say about Ray at Webmastersguide.com's password security system.......................WOW!
Ray installed StrongBox on my site and the brute force attacks have stopped.....password sharing is done......security rules! Thank you Ray and thank all of you who helped me with my problem. Linda |
Hey Linda glad to see your problems have stopped. Ray is a great guy and that software of his has saved me a ton of $'s
|
Thanks for the kind words, Linda, and Kevin.
Also thanks for beta testing the new real time open proxy detection module. Yours was the first site to test it, but I put it on one more site early this morning. So far it looks real good - I'm excited about it. Linda, I think we took Password Sentry off in the process of putting Strongbox on your site. How would you compare the two, so far? |
Glad you got it locked up Linda;)
DD |
PS vs Strongbox
In comparison from Sentry to Strongbox.....I found that when we used the brute force thing on Sentry where one had to type in a "code" each time...there were so many conflicts that even legit members could not get in or they had to log in four and five times...and then their username would get blocked. What a mess. And I think that Sentry is the reason some members could not see certain areas of my site due to conflicts.
The stats that I can view are amazing in Strongbox and they tell me in no uncertain terms exactly what a username has done or tried to do. And the open proxy thing....well Sentry never had that. With Sentry all I got were complaints and in some cases, I would get 25 abuse notices in one day. People are still trying old usernames, posted illegal usernames, etc. etc. I did not know that because Sentry did not tell me these things. I've only had it for two days so in time, I am sure I could write chapters on the comparisons. A great product Ray! Linda |
Sounds like Strongbox is the way to go...rock on!
|
How does Strongbox compare to Pennywize? What are the advantages/disadvantages?
|
First off, Strongbox isn't really directly comparable to PennyWize or anything else out there that I know of. To explain why, I have to get a little technical. Before I do, let me point out that with Strongbox there is no monthly fee and no reliance on someone else's server for your protection. Pennywize is an old solution to an old problem. The script kiddies, real hackers, and just plain password sites figured out how to beat PennyWize around 1999-2000. As more and more password sites and software did their end runs around PennyWize, we began developing Strongbox as the next generation in security.
Now for the technical part: Pennywize and similar services are needed because most web sites today use something called "Basic Authentication", which is implemented in a part of Apache called "mod_auth". This "Basic Authentication" is the system where the gray box pops up asking for your username and password. When the designers of mod_auth first released the design for that system, they were very careful to point out that it was not intended to be secure. It was intended to be a very basic system that could be used to put a password on your stats page until something better was designed.
One major weakness is that Basic Authentication - the pop up gray box - does not distinguish between the two main phases that you learn about in security 101. The first day of a computer security course you'll hear about the two phases of "authentication", making sure the user is who they say they are, and "authorization", checking if they are allowed to access this particular page, etc. The authentication phase is when they login, the authorization happens every time they view a page or image. With basic auth, they never login. Their username and password is sent by the browser every time it requests a page or image. Because they never actually login, you never get to thoroughly check them out. There are a lot of other problems too, like the fact that the whole thing is based on a very short password that can be shared.
Pennywize and similar programs try to tape up the holes in basic auth. That's a very tall order, because basic auth is built like a chain link fence - way too many holes to try to keep taped up. PennyWize and similar programs end up working like a burglar alarm inside the fence - trying to detect an intruder after they get in and then trying to deal with them after it's too late. Strongbox, on the other hand, gets rid of the whole "basic authentication" fence and puts up a thick brick wall instead. It doesn't tape up any holes, because it throws that fence full of holes in the trash pile behind the woodshed and puts in its own far superior system.
PennyWize and similar systems are also easily defeated by proxy based attacks. An http proxy is a server that lets you surf the web through it. Your computer connects to the proxy and tells the proxy what page you want to see. The proxy gets the page for you and forwards it on to you. From the server's perspective, you are invisible - it only sees the address of the proxy. When people do a brute force, or "hurling", attack, they might use 20 different proxies, so the server sees the requests coming from 20 different IP addresses. They do this to fool software like Password Sentry, which merely counts how many times a certain IP has tried a different username and password. These older, simpler "patch up" systems will let each of the attacker's IP addresses guess many usernames each hour, never recognizing that the guesses from the 20 different IPs are all coming from the same person and their brute force, or "hurling" software. Strongbox isn't so easily fooled. Strongbox blocks these open proxies right away.
There are some legitimate proxies. For example, AOL uses proxies so they don't have to have different IPs for each user. Legitimate proxies that you want to let through, though, are closed proxies - AOL proxies, for example, can only be used by AOL customers. Companies set up legitimate proxies so that only their employees or customers can access them. Script kiddies, hackers, and other undesirables don't pay for access to 20 different proxies from 20 different companies, of course. Instead they use servers that have been misconfigured or hacked so that anyone can use them as a proxy, or one of a couple proxies put up by nefarious characters specifically for the purpose of allowing various kinds of wrong doing to be accomplished without showing the perpetrator's IP address. These proxies which anyone can access are called open proxies. As they are often used by people attacking sites and rarely or never used by legitimate users, Strongbox blocks access from these open proxies immediately.
This proxy defense module was originally designed as an extra cost option to enhance Strongbox's already high resistance to these types of attacks. We have decided to include this module as a free bonus with every Strongbox installation right now. |
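The post above describes why a per-IP failure counter misses guessing that is spread across 20 proxies. The following is an added example, not part of the thread and not Strongbox's or Password Sentry's code: it runs a per-IP counter and a site-wide count of never-successful usernames over the same constructed log. The thresholds, function names and addresses are assumptions chosen for illustration.

```python
from collections import defaultdict

def build_sample_events(proxies=20, guesses_per_proxy=4):
    """Constructed one-hour login log: (source_ip, username, success)."""
    events = []
    for p in range(proxies):
        ip = f"198.51.100.{p + 1}"  # documentation-range address, one per proxy
        for g in range(guesses_per_proxy):
            events.append((ip, f"guess{p * guesses_per_proxy + g}", False))
    # One legitimate member who mistypes twice, then logs in.
    member_ip = "203.0.113.7"
    events += [(member_ip, "member1", False), (member_ip, "member1", False),
               (member_ip, "member1", True)]
    return events

def per_ip_blocklist(events, max_failures_per_ip=5):
    """Per-IP counter: an address is blocked only once its own failures exceed the limit."""
    failures = defaultdict(int)
    for ip, _user, ok in events:
        if not ok:
            failures[ip] += 1
    return {ip for ip, n in failures.items() if n > max_failures_per_ip}

def sitewide_suspects(events, max_unknown_usernames=10):
    """Site-wide view: count distinct usernames that failed and never logged in,
    across all addresses, and return every address that contributed to them."""
    succeeded = {user for _ip, user, ok in events if ok}
    by_ip = defaultdict(set)
    for ip, user, ok in events:
        if not ok and user not in succeeded:
            by_ip[ip].add(user)
    unknown = set().union(*by_ip.values())
    return set(by_ip) if len(unknown) > max_unknown_usernames else set()

if __name__ == "__main__":
    events = build_sample_events()
    print("per-IP blocks:", len(per_ip_blocklist(events)))
    print("site-wide suspects:", len(sitewide_suspects(events)))
```

On the constructed log, each proxy stays under the per-IP limit while the site-wide count flags all 20 proxy addresses and leaves the member who eventually logged in alone.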
Raymor,
wow, I have to say I really appreciate you taking the time to explain the differences and advantages to your program vs others. I'm very impressed, and I will be looking a little further into your product through your site, but I have one more question. If there's let's say 50 sites BUT one main members area, it only needs to be installed on the one main domain/box correct? |
There are some variables there and it's not 100% clear what exactly your scenario is. I normally define a site as being a distinct members page. 50 entrances that lead to the same page is one site. 50 entrances that lead to 50 different "members" pages is 50 sites. When you say 50 sites but one members area, does that mean 50 sites that each have their own "members home" page but the pics and videos happen to be in the same directory, or does that mean 50 entrances that lead to one members page? Are these AVS sites, or pay sites? If someone is a member of one (has access to the "one members area"), do they also have access to all of the other sites with the same members area? We could discuss your exact situation via ICQ, phone, or email. |
Just had Strongbox installed on FoxyAngel's site.
Just wanted to say how wonderful the software is and what a delight it was to do business with Ray. :) Oh yeah… seeing the BW being used drop way down was also really nice. :D |
Yep...as I said...
STRONGBOX ROCKS! AND SO DOES RAY!!!!!
I've had the program for months now and what a difference! The hackers have finally after all these years...GIVEN UP! |
Strongbox
I purchased a few copies of strongbox a few months ago, and couldn't get it working due to compatibility problems with my dynamic members area. I never really got it installed or used it.
Instead I am using Pennywize and it has been working great. Not so happy about the monthly charge, but it only took 30 seconds to install and it seems to work fine for my needs. Ray, is it cool if I sell my 4 licenses to someone in need? If so, anyone in the market for strongbox? :) |
Re: Strongbox
Quote:
|
Strongbox broke the feeds with the way they were set up at Angel's site.
Basically the feeds were dependent on the correct referral being sent and since the referral was a different sub domain each time this was no longer possible. The feed people fixed this by placing a small php page on Angel's server that I link to. It then sends some info that says I'm a good url so show me the feeds. To the members nothing has changed but all password sharing, hacking, and the rest of the crap has completely stopped. Angel's site is using less than half the BW now and has over a third more members at this time than two weeks ago. Webmaster's Central video feeds is who Angel is using and their feeds do work with Strongbox now. :) |
Yep...strongbox....!!
IT'S THE SH-T! |bananna|
|
dicknixon I'm sure Ray wouldn't mind if you sell your licenses as long as you let him know. I use it on about 20 sites across different servers and it works great for us.
|
Damn. By the description of Strong Box I thought it was going to be hundreds of dollars, but it's not. It's pretty damned cheap, especially considering what it saves you.
Hike your prices you fool! |
Quote:
management module they will need to pay me the $30 each for that. Ray |
Hi I'm a noob :D
Is everyone still using strongbox? I just signed up so I hope it's still the best for this type of problem? I like the pink elephant so I'm gonna post it for no reason |pink :D |
I am still using SB on all my sites |thumb
|
Quote:
btw, are you by any chance related to Jim? :D |
Victoria, I still think Strongbox is a good 3 years ahead
of anything else, but I'm just a tiny bit biased. :) OK, so I'm a lot biased. Thanks to Kevin and Fonz for taking the time to reply to Victoria's post. Victoria I'm doing the pre-install preparations for your site right now so you'll soon see for yourself and you'll be the one posting to let others know what you think. I'll certainly be doing my very best to make sure that your post says something similar to Linda Might's post that started this thread. |
I posted this thread back in February of 2004. And I still say.....STRONGBOX ROCKS....bar none...it is the best, the best, the best!
And Ray has the best customer support ever! Not to mention he is brilliant. Between my hosting company and Strongbox....my site troubles are few! |bananna| |pink |bananna| |pink Linda |
Thanks for the replies everyone! Ray is doing the install and hopefully it all works out...I'll let you know :D |thumb
|