I hope this isn't considered off-topic. :-) Does anyone else on the list deal with, or have customers who use, ccbill? Two of my customers have had negative experiences with them recently, one related to their customer-side CGI script(s). CCBill has not been cooperative in providing me with any kind of documentation on their data schema, but realistically both customers need to move away from CCBill's script to something more robust. Customer A has serious problems with people subscribing with "guessable" passwords, or passwords that are published to password-trading websites frequently. They actually get visitors to their site that have found them by typing "ccbill passwords" into search engines, and so forth. They then have the same 3 or 4 passwords being used from -hundreds- of differing domainnames, by most likely hundreds or thousands of different persons. We have started deleting the abused accounts but the real solution is to stop allowing customers to choose their own (initial?) passwords. Customer B has a larger problem. She now believes CCBill has caused her account username and password (which she had to share with CCBill to have them setup their service) to become compromised. It is possible her suspicion is correct. Has anyone else had customer accounts which turned over passwords to CCBill become compromised recently? I would think more than one password would be stolen from them, and thus this would not remain an isolated incident. Either way, CCBill has begun to genuinely scare me. These folks deal with, on a daily basis, thousands of peoples' credit card numbers and other individualized non-public information, and from my dealings with them over the past week and a half, they are grossly underqualified to do so. Does anyone else use CCBill, and if so have you had differing experiences? How about with other companies that provide similar products? --- Jeff S Wheeler [EMAIL PROTECTED] Software Development Five Elements, Inc. http://www.five-elements.com/~jsw/ 502-339-3527 Office -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
