research

Strongbox


What is Strongbox?

Strongbox is a software that protects websites from stolen passwords, password sharing, brute force attacks.
strongbox

Strongbox Support and Contact Information

  • Website users/subscribers, please contact customer service at the website you signed up.
    • We provide security solutions to protect websites, but we do not manage any webpage or provide customer support for website subscribers, sorry.
  • Webmasters/Website Owners/Server Administrators, please use this email address: strongbox@comglobalit.com
    • Please renew your support agreement for the site you ask support for, read below the support details.

Who should use Strongbox?

Any organization that requires a secure authentication (a secure login page).

Strongbox is designed for websites that require a secure login system, especially when there are customers that pay for access premium content like

  • Online News Subscriptions (Newspapers and Magazines)
  • Financial Institutions (Internet Banking).
  • Paid Software Companies.
  • Digital Media.
  • Virtually any website with a “My account” section where it is important that only one person can get access to it.

Strongbox Features and Benefits

  • Replaces insecure login systems like Apache’s basic authentication with a strong protection.
  • Provides a customizable login page with instructions for your users.
  • Protects web applications and their subscribers from brute force attacks (thousands of username & password guessing by hackers from lots of locations, incredibly quickly, causing serious problems like slow/down websites or data breaches).
  • Allows webmasters restrict logins by country.
  • Stops account sharing: it suspends usernames if they are used from several locations (different networks or countries).
  • Secure Single Sign-On (SSO): secure links between Strongbox protected websites.
  • Webmaster and developer friendly.
  • It uses an optional advanced Human Verification system (CAPTCHA), that appears only after a login failure occurs.
  • Provides a web Interface for webmasters for Reports and Member Management.

Order a Strongbox License Now

Get a NEW Strongbox License for 1 site

  • License price: $299.99 one time + optional $99.99/year support agreement
  • We take care of the installation
  • Strongbox Licenses are valid forever, we advise to get the support agreement

Domain
Notes


 

Upgrade a Strongbox License from an old version

  • Upgrade price: $169.99 one time + optional $99.99/year support agreement
  • We take care of the upgrade/reinstallation
  • Strongbox Licenses are valid forever, we advise to get the support agreement

Domain
Notes


 

Support for current customers

Strongbox Support Agreement

  • It’s like an insurance policy
    • pay a low price per year for each site to avoid unexpected support costs
    • the agreement is not required to get support, just pay a per hour rate, see below
  • It covers one site/domain.
    • Get one agreement for each Strongbox protected site.
  • It covers support directly related to Strongbox
    • We’ll be happy to help you diagnosing problems that affect Strongbox but are caused by something else (server problem, hacked files, etc), but if support is needed beyond our products (such as server-related issues, security breach, or malfunction of 3rd party systems like processor scripts or databases) we will offer this extra support for a fee and request authorization to issue an invoice to avoid unexpected charges.
  • 1 re-installation per year is covered by our Support Agreement.
  • Basic email based support included

Domain
Notes




Support Hours

  • $50 per hour, $25 minimum.

Strongbox Documentation

( We’re still moving content from bettercgi.com/strongbox/ )

What is a Brute Force Attack?

“Brute force” describes an attack in which many thousands of possible username/password combinations are attempted very quickly.

This type of attack will often compromise a site protected with basic username / password pairs. This is particularly true because hackers use lists that include very predictable user names such as admin with thousands of likely passwords. To prevent a brute force attack from succeeding, the traditional advice has been to choose long, difficult to guess (and difficult to remember) user names and passwords such as “8x!O;9&)Mej9g$C”. Even if all your subscribers did use such passwords, preventing a compromised password is not enough. Looking over server logs, we’ve seen that failed attacks are fairly common. Because the attack may or may not compromise any passwords, the site owner often is none the wiser. But you may notice a drop in sales or more customer complaints as your server is significantly overloaded during the course of an attack. One popular web host advised us that failed brute force attacks regularly “bring servers to their knees”. For that reason, you need to prevent a brute force attack, along with it’s effects on your server, from ever occurring. If it does occur, you need to keep the attacker from using up all of your server resources in the process. the Strongbox security system provides both technology to discourage anyone from even attempting such an attack and a defense against the crippling overload if they attack anyway. To be precise, strongbox uses a 52 bit session ID. If an attacker were to send your server 100 requests per second, they could expect to correctly guess one the Strongbox security system session ID after 1,425,000 years of trying.

What is Password Sharing?

It is when a customer shares their credentials with other people, Strongbox will suspend accounts that log in from lots of places, and send an email notification to the webmaster.

Single Sign-On with Secure Cross-Site Links

The Strongbox security system also allows you to link between sites securely. That is, you can have links in the members section of one domain that can securely bring your members to the members section of another domain, which may be on a different server. Invulnerable to “referrer spoofing”.

Anti-Slurp

The Strongbox security system is also designed to allow easy integration of a script to protect against “slurping”, or bulk downloading of your whole site.

Imagine if this happened in the offline world: somebody breaking into a store, stealing all of the merchandise, the display racks, signs, etc. and using it all to open an identical store across the street. Yet, many webmasters allow this to happen to them and don’t do anything to prevent it.

Reporting and Member Management Module

This module provides reports of the most active users over any chosen time period, the most active usernames, etc. You can look up any username to see the exact times, dates, and IPs when they logged in to your site. You can also see what the Strongbox security system determined about the attempted logins. If a username or IP range is suspended or disabled you’ll be able to see exactly why. This is also helpful with users who claim to have never used your site and ask for a refund. More than once the Strongbox security system webmaster has had a hearty laugh as they emailed a user a complete record of the 22 times the person “used” the site over the last 5 weeks. The users generally apologize and comment on how much they really do like the site. This module also shows any errors that may have occurred, to help in resolving customer complaints.

Strongbox References and Testimonials

I have been using Strongbox on sites now for several years and have found it effective, secure and economical to purchase. Support from the staff, though seldom needed, has been very helpful and, because it also includes an annual upgrade to the software, the support contract is well worth the money. StrongBox is an effective product that I recommend to all my clients who need cost-effective protection for members areas.

A.J., AegeanSoft Web Publishing

I have recommended the StrongBox system to several clients to help protect their sites against password sharing and other attack vectors. All have reported their satisfaction with the system.”

Andrew J., Owner, Retiarius Internet Design

I can say without hesitation that it is a rare pleasure in any kind of business these days to encounter people who have such a thorough knowledge of the product and service they sell, and who also listen carefully and respond intelligently to the specific needs of their customers.”

Aristide Jean-Baptiste, Webmaster
tools
jobs