Protecting Paysites from Password Abuse

Stephen Yagielowicz
It's a problem that is faced by all adult paysite operators — the unauthorized disclosure of member logins, where legitimate users provide friends and strangers with their user name and password, "sharing" access to your premium content and impacting your bottom line.

This impact costs operators both direct and indirect revenues: direct revenues because the person that receives access to your member's area for free will never become a paying customer; and indirect, as the increased server resource usage can slow down the overall user experience for both current and prospective customers — hurting both new sales as well as recurring sales.

Sometimes this sharing of passwords is intentional, with members providing logins to folks ranging from a relatively small circle of friends, to organized password-sharing websites that offer incentives — including cash payouts — in exchange for a supply of fresh login information.

Sometimes this sharing is unintentional, and even unnoticed, as in the case of malware and "zombie" systems that may be on a user's computer: recording keystrokes and then providing criminals with all sorts of login information; from online banking accounts to access to your paysite — and everything in between.

While inexperienced operators may discount the frequency with which this happens, statistics show that anywhere from 5-50 percent of member area accesses are performed using "shared" login information. This can lead to not only vastly increased bandwidth consumption and its associated fees, but to markedly increased costs from providing the leased feeds and third-party content that you are often charged for on a "per viewer" or "bandwidth used" basis.

It's not just sharing that's a problem, however, as any number of automated scripts are available to hackers that will facilitate what is known as a "brute force" attack, where the dictionary is literally thrown at your login page, in the hopes that a matching user/pass combo will be found. While I'm simplifying what can be a very subtle and sophisticated process of attack, the result is the same: everything slows down for legitimate users and you are stuck with the bill.

Regardless of how, why or where your member's logins are being shared, or the number of times hackers have attempted to "guess" their way in to your protected member's area, it behooves paysite operators of all sizes to take some defensive measures against these costly assaults; and one of the leading solutions to accomplish this goal is that provided by Phantom Frog.

What separates Phantom Frog from many of its competitors is its range of features, which not only provide the basic essentials of password protection, but also offers time-saving Automated Member Support tools that make it easier for paysite owners to keep their customers happy and returning for more.

For example, whereas some systems will simply block abused passwords and prevent what may be a legitimate member from entering your site, Phantom Frog can disable the problem login and provide an interface for legitimate users to retrieve a new password, without having to deal directly with the billing company. Phantom Frog does this by providing a customizable, template-driven interface that hooks into several of the most popular third-party billing platforms, such as CCBill, NetBilling, Epoch, 2000Charge, Jettis, 365Billing, Electracash and more, as well as being fully integrated with cascading billing and affiliate management solutions such as MPA3 and NATS, allowing for easy, automatic updating of member login information.

Additionally, daily bandwidth limits can be set on a per-user basis, preventing members from draining server resources and slowing down your website's performance through their use of automatic downloading tools.

While competitive systems rely on monitoring password trading sites, or simply counting IP addresses, which is problematic when dealing with proxy servers or users on dial-up connections with new IP addresses with each session, what truly makes Phantom Frog so effective is the means by which it detects fraudulent access attempts and password abuse.

Using an exclusive geo-IP tracking system that performs 15 different tests, including the analysis of a user's country, state, city, latitude and longitude, users in different locations that are attempting to share login information are easily identified. A "travel velocity" calculation helps protect legitimate travelers from being wrongfully flagged: for example, if a login occurs in Los Angeles at 8:00 am, a legitimate login could reasonably occur at 11:00 am in San Diego — but if it occurs at that time in Moscow, the travel velocity will have been exceeded and the access attempt blocked.

Logging into the Phantom Frog admin system provides a summary of password abuse that shows the number of member accounts being tracked; the number and percentage of those accounts that have been flagged as being abused; the number of abuse alerts that have been issued; and each member's login history — an especially useful function for dealing with "friendly fraud" claims that include a member's denial of accessing the site.

Other screens show blocked members, listing the date and reason for their blockage and providing a manual option for unblocking the account. Ignored members – such as house accounts that are manually set to be monitored but not acted upon, are also listed, as are the IP addresses that have been blocked by the system.

A member search function and ability to associate email addresses with individual users are also provided, enhancing a site owner's ability to manage customer service in-house.

Context-sensitive help screens and the availability of support from the script's author, including installation, make the learning curve as flat as can be — an added bonus.

While this article is not meant to be an exhaustive listing of every one of Phantom Frog's benefits and features, prospective users can download a free trial of the software at the company's website and evaluate the feature set on their own system. Installation involves uploading a single file to the member's area root directory and adding a single snippet of code to the member's area home page. A quick email to the software's author will get you a thorough guided tour of the admin area and operational procedures via telephone.

Given the severity of the problem of password abuse and the negative financial impact it makes on your bottom line, giving Phantom Frog a try makes sense for paysite operators of all sizes. Give it a try and see for yourself!


More Articles


Q&A: Vera Sky Dons the Crown for 2017 XBIZ Best Cam Model

Alejandro Freixes ·

Why It Pays When Cam Models Block Cyberbullies

Mia Saldarriaga ·

Casey Heart Talks Cam Past, Future

Casey Heart ·

Less Is More for Live Cam Member Promotions

Steve Hamilton ·

Melody Kush Dishes on Camming Career

Melody Kush ·

WIA Profile: Laurie Biviano

Women In Adult ·

Jules Jordan's Ezra Kamer Pushes Boundaries of Tech

Rhett Pardon ·

Paysites Innovate to Maintain Competitive Edge

Stephen Yagielowicz ·
Show More