Fitty expired logins:disgust
Quote:
Hackers can still get your htpasswd file, which can be located anywhere. It's important that it is located above the document root, and that you have no scripts running anywhere on your site that can return arbitrary files. Best to put the htpasswd file in an unusual location, and name it something unique. Consider using stronger encryption on your htpasswd file, and requiring customers to use passwords at least nine characters long (or provide them random usernames and passwords - but not the insanely unusable ones CCBill offers; use the passgen utility that Strongbox offers). If you get confirmation emails be sure your email is secure. If your email account has been hacked they can look at all the confirmations, which by default have the username and password in them.
This is what everyone should be doing. Create your own database and don't rely on CCBill's member file. Automatically terminate your member's account on expiration and only renew it if CCBill writes to file with successful rebills.
The problem is not just rehauling your membership file each month but TOTALLY creates an inconvenience if you use any other billers, which, of course, you should be.
make sure your .htpasswd file permission is set to 666
i was having the exact same issue and each month i would have at least 50 extra members in my htpasswd file. it's hard to sell memberships when they're free... at beginning of each month i ask for a new htpasswd file and compare it to what's on my server.
Quote:
Today after reading this thread I discovered that the htpasswd file is located inside of the members area. Would you consider this a standard/secure place for the file to be located? Seems like it's been there for almost a year now. Hope it's not a dumb question.
Quote:
Code:
mysite.com

You have to make sure you have no badly written scripts that can serve up arbitrary files. For example, having some PHP script in a page that can display just any file on your server is a bad thing. Some poorly written Pic-Of-The-Week scripts were like this.
You should take a peek at your CCBill log file that the cgi file writes to. If there is a REMOVE log entry for a username that is still in your htpasswd file then something is wrong with your cgi file / server settings. If there is no REMOVE entry for a username that expired, it could very well be a temporary routing issue where CCBill couldn't load the cgi file to remove the account. Have you had any server outages lately that could be related? But yah you should have your password files rebuilt every so often to make sure you are not giving away too many freebies.
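
The two checks described in the posts above (comparing a fresh password file from the biller with the server's copy, then looking in the CGI log for REMOVE entries), as an added example that is not part of the thread and is not CCBill's code. The log line layout, the function names and all sample data are assumptions constructed for illustration.

```python
import re

# Assumed log layout (constructed, not CCBill's documented format):
#   <date> <time> <ADD|REMOVE> <username>
LOG_RE = re.compile(r"^\S+ \S+ (ADD|REMOVE) (\S+)$")

def htpasswd_users(text):
    """Usernames from htpasswd content: one 'user:hash' entry per line."""
    users = set()
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and ":" in line:
            users.add(line.split(":", 1)[0])
    return users

def last_actions(log_text):
    """Map each username to the most recent action logged for it."""
    last = {}
    for line in log_text.splitlines():
        m = LOG_RE.match(line.strip())
        if m:
            last[m.group(2)] = m.group(1)
    return last

def triage(server_htpasswd, biller_htpasswd, log_text):
    """Classify accounts on the server that the biller's fresh file lacks."""
    stale = htpasswd_users(server_htpasswd) - htpasswd_users(biller_htpasswd)
    actions = last_actions(log_text)
    report = {"removal_logged_not_applied": [], "removal_never_received": []}
    for user in sorted(stale):
        # REMOVE logged but user still present: cgi file / server settings.
        # No REMOVE logged: the removal request never reached the server.
        logged = actions.get(user) == "REMOVE"
        key = "removal_logged_not_applied" if logged else "removal_never_received"
        report[key].append(user)
    return report

# Constructed sample data; HASH stands in for a real password hash.
SERVER = "alice:HASH\nbob:HASH\ncarol:HASH\ndave:HASH\n"
BILLER = "alice:HASH\ndave:HASH\n"
LOG = """\
2025-01-02 10:00:00 ADD alice
2025-01-03 10:00:00 ADD bob
2025-01-05 11:30:00 ADD carol
2025-01-09 08:15:00 ADD dave
2025-02-03 10:00:01 REMOVE bob
2025-02-09 08:15:02 REMOVE dave
2025-02-09 09:40:00 ADD dave
"""

if __name__ == "__main__":
    for reason, users in triage(SERVER, BILLER, LOG).items():
        print(f"{reason}: {', '.join(users) or '-'}")
```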