Welcome to the GoFuckYourself.com - Adult Webmaster Forum forums. You are currently viewing our boards as a guest which gives you limited access to view most discussions and access our other features. By joining our free community you will have access to post topics, communicate privately with other members (PM), respond to polls, upload content and access many other special features. Registration is fast, simple and absolutely free so please, join our community today! If you have any problems with the registration process or your account login, please contact us. |
|
Discuss what's fucking going on, and which programs are best and worst. One-time "program" announcements from "established" webmasters are allowed. |
|
Thread Tools |
12-21-2007, 03:05 AM | #1 |
Confirmed User
Industry Role:
Join Date: Sep 2001
Location: North America
Posts: 2,016
|
Paycom or NATS spamming our members?
Okay, I'm not here to start shit... but I'm tired of receiving emails from members saying they started receiving junk mail / spam just after signup up to our paysite.
We never used our member's email addresses. The only other parties collecting that information is the processor (Paycom in this case) and NATS (the software connected to our member's database information). This is the latest email received: I can't believe you would be so stupid as to sell/give my email address to spammers. That's just business suicide. We took out one month membership last month and immediately started receiving spam to the dedicated email address I used when signing up. So there's NO OTHER WAY anyone else could have that address. Luckily, I can just filter it but you're a bunch of cocks for doing it all the same. The email really is dedicated. It is something like: [email protected] So I have to believe it now. What the hell I'm supposed to do?
__________________
"There he goes. One of God's own prototypes. A high-powered mutant of some kind never even considered for mass production. Too weird to live, and too rare to die." -Hunter S. Thompson |
12-21-2007, 03:52 AM | #2 |
Confirmed User
Industry Role:
Join Date: Aug 2006
Location: Denmark
Posts: 1,268
|
ohh ouch, that one is not good.
No chance for a hack somewhere to get that email list from you server?
__________________
Email# rasmus(you*know)porndiscounts.com |
12-21-2007, 03:53 AM | #3 |
best designer on GFY
Join Date: Mar 2003
Location: IALIEN.COM - High Definition Video and Photographic Productions -ICQ 78943384
Posts: 30,307
|
Very interesting.
I have suspected this for some time now.
__________________
NAKED HOSTING FTW!11 I'm On The INSANE PLAN $9.95/mo! | The Alien Blog Adult News Worth Reading Updated Daily | Content For Sale! 641 PICS 216 MINUTES OF VIDEO $350.00 |ICQ: 78943384 | |
12-21-2007, 03:57 AM | #4 |
So Fucking Banned
Join Date: Feb 2007
Posts: 1,790
|
|
12-21-2007, 03:58 AM | #5 |
So Fucking Banned
Join Date: Feb 2007
Posts: 1,790
|
Or your information has been compromised internally. Did they send details of the spam they are receiving?
|
12-21-2007, 04:00 AM | #6 |
Too lazy to set a custom title
Join Date: Mar 2002
Location: Australia
Posts: 17,373
|
|
12-21-2007, 04:03 AM | #7 |
So Fucking Banned
Join Date: Feb 2007
Posts: 1,790
|
|
12-21-2007, 04:04 AM | #8 | |
Confirmed User
Industry Role:
Join Date: Sep 2001
Location: North America
Posts: 2,016
|
Quote:
This can be done by a tech I guess...
__________________
"There he goes. One of God's own prototypes. A high-powered mutant of some kind never even considered for mass production. Too weird to live, and too rare to die." -Hunter S. Thompson |
|
12-21-2007, 04:04 AM | #9 |
Pounding Googlebot
Industry Role:
Join Date: Aug 2002
Location: Canada
Posts: 34,366
|
Is your postback directory / folder from your transactions secure/locked down?
WG
__________________
I play with Google. |
12-21-2007, 04:07 AM | #10 | |
Confirmed User
Industry Role:
Join Date: Sep 2001
Location: North America
Posts: 2,016
|
Quote:
Hopefully I will get an answer, but I'm not sure since he left the message via our member area messaging center and his membership expires tomorrow. The email provided is the [email protected] so I'm not sure he will check it out.
__________________
"There he goes. One of God's own prototypes. A high-powered mutant of some kind never even considered for mass production. Too weird to live, and too rare to die." -Hunter S. Thompson |
|
12-21-2007, 04:20 AM | #11 | |
Confirmed User
Industry Role:
Join Date: Sep 2001
Location: North America
Posts: 2,016
|
Quote:
Postback URL: http://your.paysite.com/signup/process_epoch.php which is not really protected... but I dunno, if it's that easy to hack that, why is NATS installing all their copies that way? I don't have a high-profile paysite in the first place. We have no affiliates, etc. I'm not sure the email infos are going through the postback either. Epoch's DataPlus uses GRANT commands on the NATS database tables, but is limited by Epoch's IP range (208.236.105.%) and unique username/password.
__________________
"There he goes. One of God's own prototypes. A high-powered mutant of some kind never even considered for mass production. Too weird to live, and too rare to die." -Hunter S. Thompson |
|
12-21-2007, 04:27 AM | #12 | |
Confirmed User
Industry Role:
Join Date: Aug 2006
Location: Denmark
Posts: 1,268
|
Quote:
I hope you can find a trace somewhere to get this sorted, can cost a lot of members very quickly Best of luck
__________________
Email# rasmus(you*know)porndiscounts.com |
|
12-21-2007, 04:59 AM | #13 |
Confirmed User
Industry Role:
Join Date: Aug 2001
Location: Scotland
Posts: 2,237
|
Have had the exact thing happen to me. 3 members with unique addresses have complained in the last 3 months. My mysql db is not accessible via the net so I'm pretty certain it was a hack job. We limit outside writes to the database from epoch via port forwarding on their IP range.
Something is well fishy and it would be nice to find out the who, how and why of this situation. Well, maybe not the why but the who and how would be nice ....
__________________
Programming today is a race between software engineers striving to build bigger and better idiot-proof programs, and the Universe trying to produce bigger and better idiots. So far, the Universe is winning. |
12-21-2007, 05:12 AM | #14 | |
Confirmed User
Industry Role:
Join Date: Aug 2001
Location: Scotland
Posts: 2,237
|
Quote:
My mysql db is not accessible via the net so I'm pretty certain it was "NOT" a hack job.
__________________
Programming today is a race between software engineers striving to build bigger and better idiot-proof programs, and the Universe trying to produce bigger and better idiots. So far, the Universe is winning. |
|
12-21-2007, 07:35 AM | #15 |
Confirmed User
Join Date: Nov 2004
Location: On Uranus
Posts: 4,526
|
OH OH I've heard of things like this going on. Not good.
__________________
SEO Strategy - Digital Strategy - Cannabis Lead Generation Skype aj.durden1 |
12-21-2007, 07:40 AM | #16 |
Confirmed User
Join Date: May 2006
Location: http://www.neonasty.com
Posts: 2,107
|
Let us know when you get more info!
|
12-21-2007, 07:42 AM | #17 |
MFBA
Industry Role:
Join Date: Mar 2003
Location: PNW
Posts: 7,230
|
NATS uses smarty and there are known exploits to smarty.
does your members area use any open source software? or on any of your servers whose IP is allowed into the nats database have any? here is a scenario.... Open source forum/ticket/gallery software in members area(or on any other server) with a known exploit. maybe this exploit allows a hacker to upload code to your server, that code could allow a hacker to read every file on your system(along with anything else they might want to do), thus allowing them to find your DB settings. with those he can write his own script to read your entire database and print it out, email it, or otherwise return it to him. said hacker then uses said database info to make money spamming your members. so next time you think its NOT a hack job you might want to think again. until you understand how hackers work and how they get in, move around, get what they want and get out, you cant rule them out. doing so is just frankly silly. don't be so secure in your superiority. |
12-21-2007, 07:43 AM | #18 |
MFBA
Industry Role:
Join Date: Mar 2003
Location: PNW
Posts: 7,230
|
furthermore why would paycom want to steal an email list from you, they already get 10-15% off the top, why risk a cash cow to start spamming?
think a little harder people, it wont hurt you, i sware. |
12-21-2007, 09:01 AM | #19 |
Confirmed User
Industry Role:
Join Date: Aug 2001
Location: Scotland
Posts: 2,237
|
I never said it was specifically paycom OR NATS, but there is a likelihood that their systems in conjunction have a leak. It's not beyond the realm of possibility.
As I've already mentioned my db server is not web accessible directly. It's ironic that your post implores us not to be secure in our superiority while it make you come across as thinking you're superior in your thinking.
__________________
Programming today is a race between software engineers striving to build bigger and better idiot-proof programs, and the Universe trying to produce bigger and better idiots. So far, the Universe is winning. |
12-21-2007, 10:14 AM | #20 |
Confirmed User
Join Date: Aug 2001
Posts: 301
|
I am having the same problem but I can eliminate a few theories here.
I took the nats join form off of my join page for a long time. So no user information such as email was passed from that page. Email was only collected by epoch and posted back to nats. I was still getting spam complaints. I changed servers and checked for any evidence of a hack and found nothing. I was still getting spam complaints. No open source in the members area. For a while my entire site was html only. Tour and members area was basic html. No software running it except for a few years ago when I started with nats. I don't remember if this happened before I had nats but I could be wrong. I would need to search through member emails to check. I can think of a few things that this might be. First, someone might be hacking into my nats and getting the email addresses. It could be an employee from epoch. Or it could be an employee from nats. I disabled the nats admin account. I am the only one with admin access in nats now. It occurred to me that if it is an employee at nats then the admin account they set up would be the easiest way in. I am not saying that this is what is happening but I am taking this precaution.
__________________
TeenPinkVideos.com AdultMillionaire.com Looking for serious affiliates. 60% revshare Click Here contact me: joe at teen pink videos dot com |
12-21-2007, 10:50 AM | #21 |
Confirmed User
Industry Role:
Join Date: May 2004
Posts: 6,658
|
If you use NATS and your members are being spammed it is most likely one of two possibilities. Your server has somehow been compromised and people are grabbing the info directly off your server or someone has compromised an admin password to your system. There are of course other possibilities but these are the most likely scenarios.
You are not required to maintain an admin password for TMM to use. You are more than welcome to change this password to whatever you wish and grant us access only when it is needed upon your approval. Changing of all admin passwords on a regular basis is a highly recommended security practice. Also, we have recently implemented remote security logging for admin accesses. You can now have the ability to log all admin accesses, IP addresses, and actions to a local or remote server location. If you are interested in setting this up please submit a support ticket and we will be glad to assist you. This does not send any data to our servers, it can be setup to log directly to anywhere you like. Server and software security is an extremely important and complicated issue. We are always doing all we can to protect your data and ours.
__________________
Skype: JohnA1078 Too Much Media - Makers of the Industry's Leading Payite Management Platform, NATS! |
12-21-2007, 11:42 AM | #22 |
Confirmed User
Industry Role:
Join Date: Aug 2003
Location: Charleston, SC
Posts: 2,468
|
Check the IP that has been logging in to the admin with the NATS username and password. (click the small icon that looks like a clock on the admin resellers page next to the nats admin user).
We had a simmilar problem with that username and password being compromised.
__________________
http://www.3dsex.com |
12-21-2007, 12:18 PM | #23 | |
Confirmed User
Industry Role:
Join Date: Sep 2001
Location: North America
Posts: 2,016
|
Quote:
Admin Status: Fred Schank (US) [email protected] Username: naWKasoplJwA74 Password: unknown Log times: 67.19.188.250 - 2007-12-21 10:31:41 67.19.188.250 - 2007-12-21 04:31:28 67.19.188.250 - 2007-12-20 22:31:28 67.19.188.250 - 2007-12-20 19:35:26 67.19.188.250 - 2007-12-20 16:31:38 67.19.188.250 - 2007-12-20 10:31:38 67.19.188.250 - 2007-12-20 04:32:03 67.19.188.250 - 2007-12-19 22:31:38 67.19.188.250 - 2007-12-19 19:37:03 67.19.188.250 - 2007-12-19 16:32:12 67.19.188.250 - 2007-12-19 10:32:09 67.19.188.250 - 2007-12-19 04:32:08 67.19.188.250 - 2007-12-18 22:32:08 67.19.188.250 - 2007-12-18 18:49:51 67.19.188.250 - 2007-12-18 16:31:52 67.19.188.250 - 2007-12-18 10:31:52 69.94.70.187 - 2007-12-18 04:31:55 65.110.53.100 - 2007-12-17 18:46:41 65.110.53.100 - 2007-12-17 16:31:57 65.110.53.100 - 2007-12-17 10:31:58 65.110.53.100 - 2007-12-17 04:31:58 65.110.53.100 - 2007-12-16 18:47:47 65.110.53.100 - 2007-12-16 16:31:58 65.110.53.100 - 2007-12-16 10:31:57 65.110.53.100 - 2007-12-16 04:31:58 65.110.53.100 - 2007-12-15 22:31:58 65.110.53.100 - 2007-12-15 18:47:17 65.110.53.100 - 2007-12-15 16:27:13 65.110.53.100 - 2007-12-15 10:27:25 65.110.53.100 - 2007-12-15 04:27:14 65.110.53.100 - 2007-12-15 02:44:20 0.0.0.0 - 2007-12-14 04:32:04 0.0.0.0 - 2007-12-13 22:32:04 0.0.0.0 - 2007-12-13 18:45:36 0.0.0.0 - 2007-12-13 16:32:04 0.0.0.0 - 2007-12-13 10:32:05 0.0.0.0 - 2007-12-13 04:32:03 0.0.0.0 - 2007-12-12 22:32:04 0.0.0.0 - 2007-12-12 18:45:43 0.0.0.0 - 2007-12-12 16:31:57 0.0.0.0 - 2007-12-12 10:31:58 0.0.0.0 - 2007-12-12 04:31:57 0.0.0.0 - 2007-12-11 22:31:57 0.0.0.0 - 2007-12-11 18:44:32 0.0.0.0 - 2007-12-11 16:31:47 0.0.0.0 - 2007-12-11 10:31:47 0.0.0.0 - 2007-12-11 04:31:50 0.0.0.0 - 2007-12-10 22:31:59 0.0.0.0 - 2007-12-10 18:47:36 0.0.0.0 - 2007-12-10 16:31:35 0.0.0.0 - 2007-12-10 10:31:38 0.0.0.0 - 2007-12-10 04:31:35 0.0.0.0 - 2007-12-09 22:31:36 0.0.0.0 - 2007-12-09 18:43:34 0.0.0.0 - 2007-12-09 16:31:49 0.0.0.0 - 2007-12-09 10:31:41 0.0.0.0 - 2007-12-09 04:32:16 0.0.0.0 - 2007-12-08 22:32:24 0.0.0.0 - 2007-12-08 18:43:42 0.0.0.0 - 2007-12-08 16:32:51 0.0.0.0 - 2007-12-08 10:32:41 0.0.0.0 - 2007-12-08 04:32:52 0.0.0.0 - 2007-12-07 22:32:39 0.0.0.0 - 2007-12-07 18:41:42 0.0.0.0 - 2007-12-07 16:32:41 0.0.0.0 - 2007-12-07 10:32:32 0.0.0.0 - 2007-12-07 04:32:43 0.0.0.0 - 2007-12-06 22:32:34 0.0.0.0 - 2007-12-06 18:46:03 0.0.0.0 - 2007-12-06 16:32:27 0.0.0.0 - 2007-12-06 10:32:42 0.0.0.0 - 2007-12-06 04:32:28 0.0.0.0 - 2007-12-05 22:32:25 0.0.0.0 - 2007-12-05 18:44:41 0.0.0.0 - 2007-12-05 16:32:56 0.0.0.0 - 2007-12-05 10:32:53 0.0.0.0 - 2007-12-05 04:32:38 0.0.0.0 - 2007-12-04 22:32:41 0.0.0.0 - 2007-12-04 18:43:25 0.0.0.0 - 2007-12-04 16:32:38 0.0.0.0 - 2007-12-04 10:32:31 0.0.0.0 - 2007-12-04 04:32:33 0.0.0.0 - 2007-12-03 22:32:31 0.0.0.0 - 2007-12-03 18:44:33 0.0.0.0 - 2007-12-03 16:32:31 0.0.0.0 - 2007-12-03 10:32:41 0.0.0.0 - 2007-12-03 04:32:29 0.0.0.0 - 2007-12-02 22:32:31 0.0.0.0 - 2007-12-02 18:50:51 0.0.0.0 - 2007-12-02 16:32:29 0.0.0.0 - 2007-12-02 10:32:28 0.0.0.0 - 2007-12-02 04:32:24 0.0.0.0 - 2007-12-01 22:32:32 0.0.0.0 - 2007-12-01 18:43:42 0.0.0.0 - 2007-12-01 16:32:40 0.0.0.0 - 2007-12-01 10:32:45 0.0.0.0 - 2007-12-01 04:32:38 0.0.0.0 - 2007-11-30 22:32:38 0.0.0.0 - 2007-11-30 18:39:27 0.0.0.0 - 2007-11-30 16:32:43 0.0.0.0 - 2007-11-30 10:32:42 0.0.0.0 - 2007-11-30 04:32:49 0.0.0.0 - 2007-11-29 22:32:45 0.0.0.0 - 2007-11-29 18:41:54 0.0.0.0 - 2007-11-29 16:51:43 0.0.0.0 - 2007-11-28 18:40:13 0.0.0.0 - 2007-11-27 18:38:00 0.0.0.0 - 2007-11-26 20:36:23 0.0.0.0 - 2007-11-26 18:37:42 67.84.12.95 - 2007-11-26 13:17:26 67.84.12.95 - 2007-11-26 12:22:43 67.84.12.95 - 2007-11-26 12:12:53 Every few hours like clockwork... I can tell you this account has been removed pretty quickly. I hope this resolve the situation. Thanks you all for your support and answers. Happy Holidays!
__________________
"There he goes. One of God's own prototypes. A high-powered mutant of some kind never even considered for mass production. Too weird to live, and too rare to die." -Hunter S. Thompson |
|
12-21-2007, 12:25 PM | #24 | ||
Confirmed IT Professional
Industry Role:
Join Date: Nov 2005
Location: Hollywood, CA
Posts: 3,744
|
Quote:
Quote:
Code:
$variable = mysql_real_escape_string($variable);
__________________
The Best Affiliate Software, Ever. |
||
12-21-2007, 12:40 PM | #25 | |
Confirmed User
Industry Role:
Join Date: Mar 2007
Posts: 7,771
|
Quote:
When I did test signups for some programs I used a unique email address for each and they sent me spam also. So this is real and not just isolated to your website. All signups I did were thru NATS but I'm not sure exactly which processor was connected.
__________________
|
|
12-21-2007, 12:49 PM | #26 |
ICQ: 197-556-237
Join Date: Jun 2003
Location: BRASIL !!!
Posts: 57,559
|
Any replies from them???
__________________
I'm just a newbie. |
12-21-2007, 01:00 PM | #27 | |
Pounding Googlebot
Industry Role:
Join Date: Aug 2002
Location: Canada
Posts: 34,366
|
Quote:
Wow, not just compromised, but by the logtimes it seems whoever it was had wrote a script to login every few hours to do whatever they did. Quite the operation. Any idea how the login was compromised? WG
__________________
I play with Google. |
|
12-21-2007, 01:14 PM | #28 |
Confirmed User
Join Date: Feb 2006
Location: In a dream
Posts: 1,955
|
Just looked at log from
Fred Schank (US) [email protected] 67.19.188.250 - 2007-12-21 10:21:34 67.19.188.250 - 2007-12-21 04:21:30 67.19.188.250 - 2007-12-20 22:21:30 67.19.188.250 - 2007-12-20 18:00:47 67.19.188.250 - 2007-12-20 16:21:30 67.19.188.250 - 2007-12-20 10:21:30 67.19.188.250 - 2007-12-20 04:21:31 67.19.188.250 - 2007-12-19 22:21:30 67.19.188.250 - 2007-12-19 18:00:55 WTF Just deleted it |
12-21-2007, 01:19 PM | #29 |
Confirmed User
Industry Role:
Join Date: May 2004
Posts: 6,658
|
If you find unusual login activity please contact us by submitting a ticket. Thank you.
__________________
Skype: JohnA1078 Too Much Media - Makers of the Industry's Leading Payite Management Platform, NATS! |
12-21-2007, 01:21 PM | #30 |
Confirmed User
Join Date: Feb 2002
Location: Porn Central - California
Posts: 3,221
|
That ip resolves to
------------------------ rapidnetuk.com - mail only domain. www.slinky.co.uk SSL Certificate has expired. NameServer: NS1.THEPLANET.COM NameServer: NS2.THEPLANET.COM
__________________
Sean Holland Vice President OrbitalPay / Global Electronic Technology (GET) SKYPE: iam.sean ::: sholland at orbitalpay.com 888-775-1500 |
12-21-2007, 01:24 PM | #31 | |
Confirmed User
Join Date: May 2006
Location: Tampa
Posts: 5,827
|
Quote:
nauD44y59hP1lC Fred Schank (US) [email protected] 67.19.188.250 - 2007-12-21 10:03:39 67.19.188.250 - 2007-12-21 04:03:27 67.19.188.250 - 2007-12-20 22:03:23 67.19.188.250 - 2007-12-20 19:36:25 67.19.188.250 - 2007-12-20 16:03:37 67.19.188.250 - 2007-12-20 10:03:40 67.19.188.250 - 2007-12-20 04:04:06 67.19.188.250 - 2007-12-19 22:03:48 67.19.188.250 - 2007-12-19 19:38:29 67.19.188.250 - 2007-12-19 16:04:23 67.19.188.250 - 2007-12-19 10:04:24 67.19.188.250 - 2007-12-19 04:04:26 67.19.188.250 - 2007-12-18 22:04:30 67.19.188.250 - 2007-12-18 18:50:57 67.19.188.250 - 2007-12-18 16:04:28 67.19.188.250 - 2007-12-18 10:04:31 69.94.70.187 - 2007-12-18 04:04:37 65.110.53.100 - 2007-12-17 18:32:26 65.110.53.100 - 2007-12-17 16:04:56 65.110.53.100 - 2007-12-17 10:05:00 65.110.53.100 - 2007-12-17 04:05:03 65.110.53.100 - 2007-12-16 18:25:39 65.110.53.100 - 2007-12-16 16:05:05 65.110.53.100 - 2007-12-16 10:05:07 65.110.53.100 - 2007-12-16 04:05:11 65.110.53.100 - 2007-12-15 22:05:14 65.110.53.100 - 2007-12-15 18:25:23 65.110.53.100 - 2007-12-15 16:00:27 65.110.53.100 - 2007-12-15 10:01:01 65.110.53.100 - 2007-12-15 04:00:38 65.110.53.100 - 2007-12-15 02:26:05 0.0.0.0 - 2007-12-14 04:05:48 0.0.0.0 - 2007-12-13 22:05:51 0.0.0.0 - 2007-12-13 18:23:50 0.0.0.0 - 2007-12-13 16:05:44 0.0.0.0 - 2007-12-13 10:05:50 0.0.0.0 - 2007-12-13 04:05:51 0.0.0.0 - 2007-12-12 22:05:54 0.0.0.0 - 2007-12-12 18:36:51 0.0.0.0 - 2007-12-12 16:06:02 0.0.0.0 - 2007-12-12 10:06:06 0.0.0.0 - 2007-12-12 04:06:10 0.0.0.0 - 2007-12-11 22:06:13 0.0.0.0 - 2007-12-11 18:23:38 0.0.0.0 - 2007-12-11 16:05:55 0.0.0.0 - 2007-12-11 10:05:58 0.0.0.0 - 2007-12-11 04:06:13 0.0.0.0 - 2007-12-10 22:06:26 0.0.0.0 - 2007-12-10 18:29:17 0.0.0.0 - 2007-12-10 16:06:01 0.0.0.0 - 2007-12-10 10:06:11 0.0.0.0 - 2007-12-10 04:06:13 0.0.0.0 - 2007-12-09 22:06:18 0.0.0.0 - 2007-12-09 18:22:13 0.0.0.0 - 2007-12-09 16:06:28 0.0.0.0 - 2007-12-09 10:06:18 0.0.0.0 - 2007-12-09 04:07:04 0.0.0.0 - 2007-12-08 22:07:15 0.0.0.0 - 2007-12-08 18:35:34 0.0.0.0 - 2007-12-08 16:07:34 0.0.0.0 - 2007-12-08 10:07:36 0.0.0.0 - 2007-12-08 04:07:35 0.0.0.0 - 2007-12-07 22:07:34 0.0.0.0 - 2007-12-07 18:41:05 0.0.0.0 - 2007-12-07 16:08:25 0.0.0.0 - 2007-12-07 10:08:23 0.0.0.0 - 2007-12-07 04:08:02 0.0.0.0 - 2007-12-06 22:08:07 0.0.0.0 - 2007-12-06 18:26:06 0.0.0.0 - 2007-12-06 16:07:51 0.0.0.0 - 2007-12-06 10:08:12 0.0.0.0 - 2007-12-06 04:08:16 0.0.0.0 - 2007-12-05 22:08:05 0.0.0.0 - 2007-12-05 18:28:41 0.0.0.0 - 2007-12-05 16:08:59 0.0.0.0 - 2007-12-05 10:08:55 0.0.0.0 - 2007-12-05 04:08:30 0.0.0.0 - 2007-12-04 22:08:57 0.0.0.0 - 2007-12-04 18:25:06 0.0.0.0 - 2007-12-04 16:09:01 0.0.0.0 - 2007-12-04 10:08:59 0.0.0.0 - 2007-12-04 04:09:01 0.0.0.0 - 2007-12-03 22:08:54 0.0.0.0 - 2007-12-03 18:27:43 0.0.0.0 - 2007-12-03 16:08:51 0.0.0.0 - 2007-12-03 10:09:16 0.0.0.0 - 2007-12-03 04:08:48 0.0.0.0 - 2007-12-02 22:08:55 0.0.0.0 - 2007-12-02 18:31:27 0.0.0.0 - 2007-12-02 16:08:55 0.0.0.0 - 2007-12-02 10:09:06 0.0.0.0 - 2007-12-02 04:08:59 0.0.0.0 - 2007-12-01 22:09:10 0.0.0.0 - 2007-12-01 18:24:36 0.0.0.0 - 2007-12-01 16:09:24 0.0.0.0 - 2007-12-01 10:09:31 0.0.0.0 - 2007-12-01 04:09:23 0.0.0.0 - 2007-11-30 22:09:27 0.0.0.0 - 2007-11-30 18:21:16 0.0.0.0 - 2007-11-30 16:09:43 0.0.0.0 - 2007-11-30 04:09:46 0.0.0.0 - 2007-11-29 22:09:51 0.0.0.0 - 2007-11-29 18:25:45 0.0.0.0 - 2007-11-29 16:28:33 0.0.0.0 - 2007-11-28 18:21:25 0.0.0.0 - 2007-11-27 16:53:24 0.0.0.0 - 2007-11-26 18:47:14 0.0.0.0 - 2007-11-26 16:53:22 0.0.0.0 - 2007-11-25 16:55:49 0.0.0.0 - 2007-11-25 14:43:40 0.0.0.0 - 2007-11-25 08:43:35 0.0.0.0 - 2007-11-25 02:43:30 0.0.0.0 - 2007-11-24 20:43:50 0.0.0.0 - 2007-11-24 16:55:06 0.0.0.0 - 2007-11-24 14:43:50 0.0.0.0 - 2007-11-24 08:43:50 0.0.0.0 - 2007-11-24 02:44:07 0.0.0.0 - 2007-11-23 20:43:56 0.0.0.0 - 2007-11-23 16:54:33 0.0.0.0 - 2007-11-23 14:44:07 0.0.0.0 - 2007-11-23 08:44:08 0.0.0.0 - 2007-11-22 16:56:39 0.0.0.0 - 2007-11-22 16:26:58 0.0.0.0 - 2007-11-22 04:32:10 0.0.0.0 - 2007-11-21 22:32:14 0.0.0.0 - 2007-11-21 18:21:13 0.0.0.0 - 2007-11-21 17:04:28 0.0.0.0 - 2007-11-20 16:55:38 0.0.0.0 - 2007-11-19 16:56:14 0.0.0.0 - 2007-11-18 16:53:57 0.0.0.0 - 2007-11-17 17:01:50 0.0.0.0 - 2007-11-17 13:29:47 0.0.0.0 - 2007-11-16 16:52:08 0.0.0.0 - 2007-11-15 16:56:51 0.0.0.0 - 2007-11-15 09:18:32 0.0.0.0 - 2007-11-15 06:57:29 0.0.0.0 - 2007-11-14 16:57:28 0.0.0.0 - 2007-11-13 16:59:12 0.0.0.0 - 2007-11-13 15:44:09 0.0.0.0 - 2007-11-12 17:00:58 0.0.0.0 - 2007-11-12 15:24:32 0.0.0.0 - 2007-11-12 05:31:30
__________________
Icq 247-742-205 |
|
12-21-2007, 01:27 PM | #32 |
Confirmed User
Join Date: Feb 2002
Location: Porn Central - California
Posts: 3,221
|
Holy shit there's 3 programs effected so far
__________________
Sean Holland Vice President OrbitalPay / Global Electronic Technology (GET) SKYPE: iam.sean ::: sholland at orbitalpay.com 888-775-1500 |
12-21-2007, 01:40 PM | #33 |
Confirmed User
Industry Role:
Join Date: Aug 2001
Location: Scotland
Posts: 2,237
|
make that 4, i have the same frank guy and the same IPs logging in.
John, a pattern is apparent here, why ask us each to contact you via support when the onus should be on TMM to contact us personally to make us aware and tell us what you intend to do about it?
__________________
Programming today is a race between software engineers striving to build bigger and better idiot-proof programs, and the Universe trying to produce bigger and better idiots. So far, the Universe is winning. |
12-21-2007, 01:44 PM | #34 |
Confirmed User
Join Date: Feb 2002
Location: Porn Central - California
Posts: 3,221
|
Um..........................
This has been posted before?? https://gfy.com/fucking-around-and-business-discussion/671565-running-nats-block-ip-active-hacker.html https://gfy.com/fucking-around-and-business-discussion/779594-mpa-3-nats.html Theres a post on ADX to about the same issue to - John have you mass emailed your instals about this? This isn't new!
__________________
Sean Holland Vice President OrbitalPay / Global Electronic Technology (GET) SKYPE: iam.sean ::: sholland at orbitalpay.com 888-775-1500 |
12-21-2007, 01:46 PM | #35 | |
Confirmed User
Industry Role:
Join Date: May 2004
Posts: 6,658
|
Quote:
There are aprox. 400 - 500 NATS installs. Four are saying here they have had an issue and I would bet there are more being exploited by whoever this criminal is. It certainly does not mean every system has an issue. We are asking those who find an issue to contact us and deal directly with us. I am not going to go through and dissect a security issue here on GFY.
__________________
Skype: JohnA1078 Too Much Media - Makers of the Industry's Leading Payite Management Platform, NATS! |
|
12-21-2007, 01:47 PM | #36 | |
Confirmed User
Industry Role:
Join Date: Mar 2007
Posts: 7,771
|
Quote:
I just decided not to name some sponsors I got spam from because I can not verify(with hard evidence) that it's not the sponsor themselves spamming.
__________________
|
|
12-21-2007, 01:48 PM | #37 |
Confirmed IT Professional
Industry Role:
Join Date: Nov 2005
Location: Hollywood, CA
Posts: 3,744
|
Makes you wonder what's really going on.
__________________
The Best Affiliate Software, Ever. |
12-21-2007, 01:48 PM | #38 | |
Too lazy to set a custom title
Industry Role:
Join Date: Feb 2003
Location: NJ
Posts: 13,323
|
Quote:
Exploit or inside job? Someone has to be familar with the NATS system to exploit that way.
__________________
ISeekGirls.com since 2005 |
|
12-21-2007, 01:52 PM | #39 |
Confirmed User
Join Date: Feb 2002
Location: Porn Central - California
Posts: 3,221
|
I just found another post about the same thing on JBM from Oct 07
__________________
Sean Holland Vice President OrbitalPay / Global Electronic Technology (GET) SKYPE: iam.sean ::: sholland at orbitalpay.com 888-775-1500 |
12-21-2007, 01:52 PM | #40 |
Confirmed User
Industry Role:
Join Date: May 2004
Posts: 6,658
|
One should be sure of themselves before making accusations like that.
__________________
Skype: JohnA1078 Too Much Media - Makers of the Industry's Leading Payite Management Platform, NATS! |
12-21-2007, 02:06 PM | #41 | |
Too lazy to set a custom title
Industry Role:
Join Date: Feb 2003
Location: NJ
Posts: 13,323
|
Quote:
Actually, it was more of a jesting remark with a touch of irony.
__________________
ISeekGirls.com since 2005 |
|
12-21-2007, 02:10 PM | #42 | |
Confirmed IT Professional
Industry Role:
Join Date: Nov 2005
Location: Hollywood, CA
Posts: 3,744
|
Quote:
Geez, someone's on the defensive.
__________________
The Best Affiliate Software, Ever. |
|
12-21-2007, 02:12 PM | #43 | |
Confirmed User
Industry Role:
Join Date: May 2004
Posts: 6,658
|
Quote:
Its not being defensive. I don't appreciate people implying things, with a question mark or without, which they have no solid reason to believe as true.
__________________
Skype: JohnA1078 Too Much Media - Makers of the Industry's Leading Payite Management Platform, NATS! |
|
12-21-2007, 02:13 PM | #44 |
Confirmed User
Join Date: Oct 2006
Location: up your sisters ass
Posts: 929
|
Wow! do we know how they got the user and pass to the admin?
__________________
Your momma was a ho!!! |
12-21-2007, 02:13 PM | #45 | |
..........
Industry Role:
Join Date: Aug 2004
Location: ..........
Posts: 41,918
|
Quote:
theres a couple scums here that hack affiliate databases for information. its well known who a few of them are. |
|
12-21-2007, 02:13 PM | #46 | |
Confirmed User
Join Date: Feb 2002
Location: Porn Central - California
Posts: 3,221
|
Quote:
John - Have you been alerted to this exploit in the past? It's been posted before here and on other boards. If you were aware, have you alerted your clients to sweep? This isn't about nats / paycom / mpa / ccbill etc - This is a serious exploit that is effecting peoples business's. If a member get spammed to all hell from a site he just joined... The trust between service and customer is gone. That member will not rebill nor return ever.
__________________
Sean Holland Vice President OrbitalPay / Global Electronic Technology (GET) SKYPE: iam.sean ::: sholland at orbitalpay.com 888-775-1500 |
|
12-21-2007, 02:15 PM | #47 |
Confirmed User
Join Date: Feb 2002
Location: Porn Central - California
Posts: 3,221
|
Out um
__________________
Sean Holland Vice President OrbitalPay / Global Electronic Technology (GET) SKYPE: iam.sean ::: sholland at orbitalpay.com 888-775-1500 |
12-21-2007, 02:17 PM | #48 | |
Confirmed IT Professional
Industry Role:
Join Date: Nov 2005
Location: Hollywood, CA
Posts: 3,744
|
Quote:
__________________
The Best Affiliate Software, Ever. |
|
12-21-2007, 02:18 PM | #49 | |
Confirmed User
Industry Role:
Join Date: May 2004
Posts: 6,658
|
Quote:
There will always be are various security issues with all softwares as well as issues with client's servers. Due to the install rate of NATS being far beyond any other affiliate software in this industry you are much more likely to hear about our issues than others.
__________________
Skype: JohnA1078 Too Much Media - Makers of the Industry's Leading Payite Management Platform, NATS! |
|
12-21-2007, 02:19 PM | #50 |
Confirmed User
Industry Role:
Join Date: May 2004
Posts: 6,658
|
If you heard the false rumors I hear about my company on a nearly daily basis you would understand why I get extremely frustrated when I see people start them.
__________________
Skype: JohnA1078 Too Much Media - Makers of the Industry's Leading Payite Management Platform, NATS! |