Learn from my mistakes. How one member could destroy my entire company.



TropixxxMichael
05-24-2010, 06:15 AM
Well, I have made a lot of mistakes over the past year or two going from DVD sales to online sales, but this time I may have really fucked up. I am posting this in hopes that someone else can learn from my mistakes before what happened to me happens to them.

:confused:

CCBill, for all their fees and high charges, does not offer any type of password sharing blocking, which I assumed they did because my own merchant account did that. So, when I went from my own merchant account to CCBill last month for my Frat-Hazing.com site, it was a huge mistake.

I have just ordered StrongBox, which is being installed now, and I am told that should take care of the problem and works with CCBill. Although to be honest, if the companies I owe the money to do not either waive the charges or put me on a payment plan, keeping the site open will be the last of my worries.

We had a password sharer, which has now caused me thousands of dollars in bandwidth fees, both for the bandwidth of hosting my site, plus potentially thousands of dollars in fees from a feed provider that I was using.

So, for any newbies out there, learn from my mistakes.

1. Do not assume new software or billing solutions do something that they do not. Even if it seems like something that should be standard. (VENT: For all their fees, you would think CCBill would offer password sharing protection, even at an extra charge. Shit, my tiny merchant account even did.)

2. Double check CCBill's work. When they installed my password protection folders last month on Frat-Hazing.com, they left an entire folder unprotected. I am not sure if it made a difference in this case, but it could have down the road. Learn who you can trust at CCBill, because not all of their techs are the same. I now have one gal that I like a lot, and I will always ask for her in the future.

3. Check your bandwidth usage daily. Don't wait to get the bill and then find out there is a problem.

4. Don't add feeds to your site unless there is a cap on how much it can be used each month. We added our first feed last month based on advice from their sales department that it should not be more than $150 per month based on the number of members we had. If we had had a cap on how much bandwidth we could use, there would be no issue today. We would have hit the cap on the first day the trader gave out his password.

5. If you do this part time as a hobby, maybe you should not. Matthew and I do this as a hobby to share our spanking stuff with other people. It is not our real job, and we both work 40 hours plus each week to meet the bills. We were tired of not finding the type of stuff we wanted to see so we decided to make our own. The money from the site was always rolled back into the site to hire new models, etc. Some months there was a small profit, but most months we put our own money from our real jobs back into the site. Bottom line, if you do not know what you are doing, there can be real problems.

AlexManifestMan
05-24-2010, 06:28 AM
Hate to hear that Michael. Those kinds of things can be a complete nightmare.

Badpuppy Lisa
05-24-2010, 06:29 AM
Wow Michael, that really sucks. I'm sorry to hear this has happened to you. I would have thought your host would have detected a spike in bandwidth usage, even if CCBILL is managing your user IDs and passwords. Our entire network is protected by detecting multiple logins from more than 1 IP address, within a period of time.

It's good that you are protecting yourself from here on out and I hope you're able to get your host and the feed provider to work something out with you!
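The check described in the post above (one login seen from more than one IP address within a period of time) can be sketched as follows. This is an added example, not code from the thread or from any product named in it; the log lines are constructed, and the one-hour window and the `max_ips` threshold are assumptions to tune per site.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample: Apache access-log lines; the third field is the HTTP auth user.
SAMPLE_LOG = """\
198.51.100.7 - alice [24/May/2010:06:00:01 +0000] "GET /members/ HTTP/1.1" 200 5120
203.0.113.9 - bob [24/May/2010:06:01:10 +0000] "GET /members/v1.mp4 HTTP/1.1" 200 734003200
192.0.2.44 - bob [24/May/2010:06:03:42 +0000] "GET /members/v1.mp4 HTTP/1.1" 200 734003200
198.51.100.80 - bob [24/May/2010:06:05:05 +0000] "GET /members/v2.mp4 HTTP/1.1" 200 734003200
192.0.2.200 - bob [24/May/2010:06:09:30 +0000] "GET /members/v3.mp4 HTTP/1.1" 200 734003200
198.51.100.8 - alice [24/May/2010:06:40:00 +0000] "GET /members/ HTTP/1.1" 200 5120
192.0.2.15 - carol [24/May/2010:07:00:00 +0000] "GET /members/ HTTP/1.1" 200 5120
203.0.113.77 - carol [25/May/2010:09:00:00 +0000] "GET /members/ HTTP/1.1" 200 5120
192.0.2.1 - - [24/May/2010:07:05:00 +0000] "GET /tour/ HTTP/1.1" 200 2048
"""

LINE_RE = re.compile(r'^(\S+) \S+ (\S+) \[([^\]]+)\] ')


def parse(lines):
    """Yield (time, user, ip) for authenticated requests; skip anonymous or malformed lines."""
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m.group(2) == "-":
            continue
        ip, user, ts = m.groups()
        yield datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z"), user, ip


def shared_logins(lines, window=timedelta(hours=1), max_ips=1):
    """Return {user: sorted IPs} for users seen from more than max_ips
    distinct addresses inside any sliding window of the given length."""
    recent = defaultdict(deque)  # user -> (time, ip) pairs still inside the window
    flagged = {}
    for when, user, ip in sorted(parse(lines)):
        q = recent[user]
        q.append((when, ip))
        while when - q[0][0] > window:  # drop requests older than the window
            q.popleft()
        ips = {addr for _, addr in q}
        if len(ips) > max_ips:
            flagged.setdefault(user, set()).update(ips)
    return {user: sorted(ips) for user, ips in flagged.items()}


if __name__ == "__main__":
    # max_ips=2 tolerates a member switching between home and mobile connections.
    for user, ips in shared_logins(SAMPLE_LOG.splitlines(), max_ips=2).items():
        print(user, ips)
```

With the default threshold of one address, a member who moves between two connections inside an hour is flagged as well, which is why the threshold is a parameter.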

HunkMoneyLuke
05-24-2010, 07:36 AM
It's been on the boards and has been discussed time and time again, getting strongbox installed will stop password traders dead in their tracks.

Also, your web host should be monitoring your server's vital stats, that includes bandwidth usage. NationalNet has an automated monitoring system that automatically creates a support ticket if they see a huge leap (or dip) in bandwidth usage, and they investigate within 5 minutes of that ticket being created. If your host does not do this, it's probably time to find a new one that keeps up with current customer requirements.

I don't agree with your venting that ccbill should offer anti-password sharing protection, it's not their job AND they do not host your sites so they have no technical ability to stop password sharing. Their job is to provide 3rd party billing services, which they do well.

That being said, you should call this a lesson learned, get the proper systems in place (strongbox, a good host, bandwidth limits on your feeds) and learn from this, don't let it defeat you.
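A daily version of the leap-or-dip bandwidth check mentioned in the post above, which also covers the advice earlier in the thread to check bandwidth usage daily. This is an added example, not any host's monitoring system; the daily totals are constructed, and the 3x factor and 7-day lookback are assumptions.

```python
from statistics import median

# Constructed daily transfer totals: (date, gigabytes served).
DAILY_GB = [
    ("2010-05-10", 41.0), ("2010-05-11", 38.5), ("2010-05-12", 44.2),
    ("2010-05-13", 40.1), ("2010-05-14", 39.7), ("2010-05-15", 47.3),
    ("2010-05-16", 45.0), ("2010-05-17", 410.0), ("2010-05-18", 925.0),
    ("2010-05-19", 1180.0), ("2010-05-20", 6.0), ("2010-05-21", 42.0),
]


def bandwidth_alerts(series, lookback=7, factor=3.0, min_history=3):
    """Return [(day, gb, baseline, kind)] with kind 'leap' or 'dip'.

    The baseline is the median of the last `lookback` days that were NOT
    flagged, so several days of abuse in a row never become the new normal.
    """
    normal = []   # totals of days that looked ordinary
    alerts = []
    for day, gb in series:
        history = normal[-lookback:]
        if len(history) >= min_history:
            base = median(history)
            if gb > base * factor:
                alerts.append((day, gb, base, "leap"))
                continue
            if gb < base / factor:
                alerts.append((day, gb, base, "dip"))
                continue
        normal.append(gb)
    return alerts


if __name__ == "__main__":
    for day, gb, base, kind in bandwidth_alerts(DAILY_GB):
        print(f"{day}: {kind}, {gb:.0f} GB against a baseline of {base:.0f} GB")
```

Run against hourly totals instead of daily ones, the same function would raise the first alert within an hour of a leap rather than the next morning.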

Seth
05-24-2010, 07:53 AM
Michael,

Also be aware that while services such as Strongbox, Pennywize, ProxyPass, etc., will protect you from multiple logins and excessive bandwidth on your server(s), they may not fully protect your leased feeds.

gaydemon
05-24-2010, 08:19 AM
Also, your web host should be monitoring your server's vital stats, that includes bandwidth usage. NationalNet has an automated monitoring system that automatically creates a support ticket if they see a huge leap (or dip) in bandwidth usage, and they investigate within 5 minutes of that ticket being created. If your host does not do this, it's probably time to find a new one that keeps up with current customer requirements.

I'm really sorry to hear about this. I hope you can manage to sort it out somehow.

But as Luke mentioned, I would have expected a good hosting provider to have some sort of monitoring and warning system in place. I know mine does and wouldn't have allowed such a massive spike of traffic to happen (from what it sounds like).

TropixxxMichael
05-24-2010, 08:33 AM
It's been on the boards and has been discussed time and time again, getting strongbox installed will stop password traders dead in their tracks.

Also, your web host should be monitoring your server's vital stats, that includes bandwidth usage. NationalNet has an automated monitoring system that automatically creates a support ticket if they see a huge leap (or dip) in bandwidth usage, and they investigate within 5 minutes of that ticket being created. If your host does not do this, it's probably time to find a new one that keeps up with current customer requirements.

I don't agree with your venting that ccbill should offer anti-password sharing protection, it's not their job AND they do not host your sites so they have no technical ability to stop password sharing. Their job is to provide 3rd party billing services, which they do well.

That being said, you should call this a lesson learned, get the proper systems in place (strongbox, a good host, bandwidth limits on your feeds) and learn from this, don't let it defeat you.

Thanks everyone.

Yeah, it probably is not fair to vent about CCBill, but quite frankly the only reason I switched to them was because I thought they would make my life simpler. If I had known their software did not prevent password trading like my merchant account did, then I would have installed StrongBox in the first place.

I always skipped over the threads about password trading because I only have so much time to spend on the boards and I usually do not read things that do not relate to exactly what I am looking for help with, or something that I think I might be able to answer a question for someone else. Another lesson learned. (Which goes back directly to my point that if this is just a hobby, maybe you should rethink it.)

The good news is my web-host says they will waive the excess bandwidth this month, and now all I have to worry about is the feed company.

The Feed Company has already agreed to drop a few thousand off of the bill, but even where the bill still stands, it is more than I had budgeted to spend on the site for the next six months.

TropixxxMichael
05-24-2010, 08:36 AM
Michael,

Also be aware that while services such as Strongbox, Pennywize, ProxyPass, etc., will protect you from multiple logins and excessive bandwidth on your server(s), they may not fully protect your leased feeds.

Is there anything that can?

TropixxxMichael
05-24-2010, 08:58 AM
I'm really sorry to hear about this. I hope you can manage to sort it out somehow.

But as Luke mentioned, I would have expected a good hosting provider to have some sort of monitoring and warning system in place. I know mine does and wouldn't have allowed such a massive spike of traffic to happen (from what it sounds like).

Thanks. My hosting company tech man says they will waive the excess fees. As far as the alarm or warning, I plan to email them that question.

Fingers crossed with the feed people. I am hoping they will see this for what it is, and forgive everything above my normal monthly charges. But I do not know their costs, and I understand they are running a business too. But that being said, you can't get blood from an apple, and even if they hold me to the bill, they will simply have to wait for monthly payments.

The frustrating thing was that the first month I had the feeds and I was hardly using any of their bandwidth, they emailed to see if I needed help with anything. Yet when I start using more bandwidth than (in their words) "our largest multi-site customer" no one emailed to see if it was legitimate or not. It was only when I logged on to my account to see if my mailed check payment from the last month invoice had been credited to my account that I noticed my new pending charges and almost had a heart attack. I actually thought it was an error.

:bang:


But, at this point, I am not really sure what they are planning to charge me. They already reduced my online invoice by several thousand, but even still, it is a lot of money for someone like me.

But I hear they are a good and reputable company so I am confident we can work something out. Even if it is just a payment plan for the next year or something.

QueerLust
05-24-2010, 09:13 AM
As I was reading, I thought "talk to your host, they'd probably rather waive or help with the fees than lose a customer."

It sounds like that is what they decided to do.

Do not let this defeat you; use it as a learning experience (as others have said).

Good luck ... I hope you don't go anywhere!

BBD
05-24-2010, 10:05 AM
Let me know if you want to sell your site thanks

BBD
05-24-2010, 10:07 AM
Which merchant account offered password protection??
I have no idea how this would work?? Do you mean a gateway? What were you using to manage your members?

Sorry you are having problems.
Go with phantom frog it rocks

Adam Mason
05-24-2010, 10:31 AM
Michael, I'm afraid this is lesson 1 that all newbies learn - and I advise every new webmaster to watch their bandwidth every day. Within 3 months of launching BM I noticed a huge leap one day... I paid the $300 overage fee and had ProxyPass installed that same day. Frankly, I'm amazed you've gotten away without protection for so long!

TropixxxMichael
05-24-2010, 11:53 AM
Let me know if you want to sell your site thanks

Not quite to that point yet, but thanks. I will let you know if things change.

TropixxxMichael
05-24-2010, 11:54 AM
Which merchant account offered password protection??
I have no idea how this would work?? Do you mean a gateway? What were you using to manage your members?

Sorry you are having problems.
Go with phantom frog it rocks

It was all set up by the bank, and yes, I suppose it was the member software that was doing it, not the actual bank itself. But it all came in a package deal, and I just assumed password protection was standard. Totally our mistake.

TropixxxMichael
05-24-2010, 12:00 PM
Frankly, I'm amazed you've gotten away without protection for so long!

LOL (and crying on the inside) - which is part of why we thought CCBill had it built in. We used CCBill for two years on our spanking site and never once had any sort of problem with password trading. (That we know of.)

amadmedia
05-24-2010, 12:52 PM
I certainly feel your pains. We had 30 members to PhillyFratLive.com when it first launched. We figured eh, what the hell we don't need it yet. Just as we were saying that, someone was doing just what happened to you. We didn't find out until less than 3 weeks later when a $15,000 hosting bill came in, over $9,000 in feeds bandwidth usage came, and we were finding all of the video archive content all over the tube sites. All of that happened in a matter of 2 and a half weeks.

We were heading out of business. We were falling and falling fast. It was very scary. Immediately, before we paid anything we got PhantomFrog.com installed (much better than strongbox). We caught the member, blocked his IP Address from our servers, we shut off his account, and we refunded him the remaining funds of his membership (to prevent a chargeback).

We had to get a loan from the bank just to stay in business. Luckily the feed providers worked with us, hosting wouldn't, we were in terrible danger. If it weren't for an employee who had perfect credit, we were faced with going out of business. Now we have the loan paid back, and we feel that we're safe but in our mind, we know we're not. There are still hackers out there.

NEVER EVER EVER underestimate a member. We will NOT release a new site unless it has phantomfrog installed on it. EVER! All it takes is 1 member, and you can go under and fast!

My thing is, what if the member is in the United States, you have the IP Addresses of the sharers... Isn't there some kind of legal action you can take against that member?
It's illegal to steal clothing from Walmart, why isn't it illegal to go after someone stealing your memberships?

Adam Mason
05-24-2010, 02:29 PM
You're wrong to blame a member for knowingly sharing his login details. It's hackers who run automated scripts against your password file looking for something that works that do this. The most I have seen on my site is 85,000 attempts within 24 hours.

And then surfers don't use unique (different) username / passwords for each site they join. Once they've been hacked somewhere - they're hacked everywhere that surfer goes. Nothing is simple in this biz!

HunkMoneyLuke
05-24-2010, 02:57 PM
You're wrong to blame a member for knowingly sharing his login details. It's hackers who run automated scripts against your password file looking for something that works that do this. The most I have seen on my site is 85,000 attempts within 24 hours.

And then surfers don't use unique (different) username / passwords for each site they join. Once they've been hacked somewhere - they're hacked everywhere that surfer goes. Nothing is simple in this biz!

That is SOOOOO true!!! And it's exactly why we force random username / passwords on all our members. Just another layer of protection!

snrproductions
05-24-2010, 03:13 PM
Similar thing happened to me in the past and I got phantomfrog. Everything has been fine ever since. I might have to look into strongbox as it looks like a cheaper solution.

RDude
05-24-2010, 04:05 PM
All the best with this Michael. What a horrible thing to happen to anyone. Let's hope it really is just a learning experience and you are able to continue. There isn't enough good spanking content out there to begin with.

basschick
05-24-2010, 07:02 PM
most likely the bank and their setup didn't protect you from password traders - you were probably lucky till now.

glad to hear your host is being cool, and congrats on protecting your site with strongbox - it's a good move. one of my friends had so many downloads happening just before he got it that his site was a crawl. his regular members were quitting because the site was like dialup slow or worse.


It was all set up by the bank, and yes, I suppose it was the member software that was doing it, not the actual bank itself. But it all came in a package deal, and I just assumed password protection was standard. Totally our mistake.

gmr324
05-25-2010, 06:01 AM
We will NOT release a new site unless it has phantomfrog installed on it. EVER!
Similar thing happened to me in the past and I got phantomfrog. Everything has been fine ever since.


Thanks for the great feedback!

Michael, sorry to hear about your dilemma. There are a few webmasters who are under the impression that CCBill provides password abuse protection.

I represent the password protection system called Phantom Frog and wanted to provide some further information about our system. PhantomFrog is setting a new standard for password security. It uses Geo-IP tracking technology which will not even allow 2 people to share the same password let alone a whole trading forum with hundreds of leechers!

Our Hi-Resolution Geo-IP Tracking offers the most accurate password abuse detection available anywhere. It tracks all visits to the members area of a site down to the city level. Furthermore, it takes latitudinal and longitudinal data into consideration. Therefore, Frog detects the fact that the same password was used in L.A. and NYC. We pinpoint the abuse instantly, allowing for the possibility of legitimate travel. That level of resolution is unique to Phantom Frog.

Our system is based upon the premise of providing 24/7 uninterrupted access to the legitimate members while blocking out the leechers. This is accomplished automatically through our Automated Member Support (AMS) feature. When password abuse is detected, the password is changed. The next time the valid member tries to login, Frog uses their email address to validate their identity and issues them a new password directly via email. This strategy breaks the cycle of password abuse and frees up the webmasters to do more important work.

Our product is integrated with CCBill, NetBilling, Paycom, NATS, MPA3, Verotel, 2000Charge, SegPay, Jettis, and 365Billing. Phantom Frog has a simple FREE Trial Version which installs by adding one html tag or we can handle the installation completely for you for. In fact, we recommend that you leave ProxyPass or Pennywize activated during our Trial to witness first-hand all the abuse being missed by them!

Most of our customers were motivated to purchase our password protection only 3 days after installing the Free Trial! We also offer Brute Force Attack Protection, and Bandwidth Abuse Protection.

Phantom Frog has stellar webmaster testimonials which are listed on our site. A high percentage of our clients are ex-ProxyPass/Pennywize clients. A casual scan of our webmaster testimonials page will reveal how unaware they were of the password abuse which was "flying below the radar" of their current protection system.

Please feel free to contact me with any questions or feedback.

Visit our site to learn more (http://www.PhantomFrog.com/g)

Visit this link to try our FREE demo (http://phantomfrog.com/g?ft=1)

Thanks

George

Email: George@PhantomFrog.com
ICQ: 226948212

PS Michael, we did receive your Trial request and you should be set up shortly if not already
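The idea in the post above of flagging one password used in L.A. and NYC while allowing for legitimate travel comes down to an implied-speed test between consecutive logins. This is an added example and not Phantom Frog's algorithm; the events and coordinates are constructed (in practice latitude and longitude would come from a GeoIP lookup of the client address), and the 900 km/h and 100 km thresholds are assumptions.

```python
from datetime import datetime
from math import asin, cos, radians, sin, sqrt

# Constructed login events: (user, UTC time, city, latitude, longitude).
LOGINS = [
    ("dave", "2010-05-24T06:00:00", "Los Angeles", 34.05, -118.24),
    ("dave", "2010-05-24T06:20:00", "New York", 40.71, -74.01),
    ("erin", "2010-05-24T08:00:00", "Los Angeles", 34.05, -118.24),
    ("erin", "2010-05-24T20:00:00", "New York", 40.71, -74.01),
    ("frank", "2010-05-24T09:00:00", "Los Angeles", 34.05, -118.24),
    ("frank", "2010-05-24T09:01:00", "Long Beach", 33.77, -118.19),
]


def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance in km between two points given in degrees."""
    p1, p2 = radians(lat1), radians(lat2)
    a = sin((p2 - p1) / 2) ** 2 + cos(p1) * cos(p2) * sin(radians(lon2 - lon1) / 2) ** 2
    return 2 * 6371.0 * asin(sqrt(a))


def impossible_travel(events, max_kmh=900.0, min_km=100.0):
    """Return [(user, from_city, to_city, km)] for consecutive logins of one
    user that are farther apart than anyone could travel in the elapsed time.

    min_km ignores hops between neighbouring cities, where city-level
    GeoIP data is too coarse to mean anything.
    """
    last = {}   # user -> (time, city, lat, lon) of the previous login
    hits = []
    for user, ts, city, lat, lon in sorted(events, key=lambda e: e[1]):
        when = datetime.fromisoformat(ts)
        if user in last:
            p_when, p_city, p_lat, p_lon = last[user]
            km = haversine_km(p_lat, p_lon, lat, lon)
            hours = (when - p_when).total_seconds() / 3600
            if km >= min_km and (hours == 0 or km / hours > max_kmh):
                hits.append((user, p_city, city, round(km)))
        last[user] = (when, city, lat, lon)
    return hits


if __name__ == "__main__":
    for hit in impossible_travel(LOGINS):
        print(hit)
```

In the sample, dave is flagged (coast to coast in 20 minutes), erin is not (twelve hours is a plausible flight), and frank's one-minute hop to a neighbouring city is ignored by the distance floor.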

archer
05-25-2010, 07:10 AM
:whip: :slap:


Let me know if you want to sell your site thanks