Welcome to the GoFuckYourself.com - Adult Webmaster Forum forums.

Old 12-22-2007, 12:31 AM   #201
spacedog
Yes that IS me. Bitch.
 
Join Date: Nov 2001
Posts: 14,149
Quote:
Originally Posted by crockett View Post
Seems to me when looking at both of these together it appears there is a smoking gun here. I don't have access to that forum or know where it's at. Spacedog can you tell us what that post is in context too?

For all we know he could be talking about a cheerleader squad. I realise it's likely not that, so what was his post a response to?
The post is irrelevant.. He's talking about a video game.. screencap was only to show that he works for, or used to work for TMM/NATS.

He hasn't posted on that forum since August and then that freelance job thing in Sept.

Hacker or whoever is using his name or whatever.. who fucking knows

Last edited by spacedog; 12-22-2007 at 12:34 AM..
Old 12-22-2007, 01:28 AM   #202
D
Confirmed User
 
Join Date: Jan 2006
Location: The Valley
Posts: 7,412
Good luck to all parties involved in getting this matter sorted out.
__________________
-D.
ICQ: 202-96-31
Old 12-22-2007, 02:23 AM   #203
Doctor Dre
Too lazy to set a custom title
 
Join Date: Jan 2001
Posts: 51,692
Quote:
Originally Posted by PBucksJohn View Post
I'm sorry to hear that.
Did you hire a PR guy to answer all the previous questions too ?
Shit John, you're turning into a PR pro following all the rules
(That's a compliment btw)
__________________
Quote:
Originally Posted by rayadp05 View Post
I rebooted, deleted temp files, history, cookies and everything...still cannot view the news clip. All I see is that fucking gay ass music video from "Rick Roll". Anyone else have a different link to the news clip?
Old 12-22-2007, 02:37 AM   #204
V_RocKs
Damn Right I Kiss Ass!
 
Join Date: Dec 2003
Location: Cowtown, USA
Posts: 32,405
I finally just saw where someone accused their lead programmer of being a smoking gun... Now that is funny.
Old 12-22-2007, 02:40 AM   #205
quantum-x
Confirmed User
 
Join Date: Feb 2002
Location: ICQ: 251425 Fr/Au/Ca
Posts: 6,863
Fred is the lead programmer of CARMA and NATS at TMM.
It's probably normal that admin accounts are under his name, it would be the most logical. I don't think you can conclude that it's Fred that's doing it, simply because that's the name on the admin account.

As if you'd leave your full name on your own hack..
Old 12-22-2007, 02:44 AM   #206
SmokeyTheBear
►SouthOfHeaven
 
Join Date: Jun 2004
Location: PlanetEarth MyBoardRank: GerbilMaster My-Penis-Size: extralarge MyWeapon: Computer
Posts: 28,609
Quote:
Originally Posted by quantum-x View Post
Fred is the lead programmer of CARMA and NATS at TMM.
It's probably normal that admin accounts are under his name, it would be the most logical. I don't think you can conclude that it's Fred that's doing it, simply because that's the name on the admin account.

As if you'd leave your full name on your own hack..


i think that would be a bit premature of a guess as well, but it's obvious his account was compromised.

you would think as head programmer he might have built in some safeguard to keep his own account in check.. certainly not allowing it to login to multiple nats sponsors at the same time every few minutes and get data.
__________________
hatisblack at yahoo.com
Old 12-22-2007, 02:47 AM   #207
poto
Confirmed User
 
Join Date: Jun 2006
Posts: 116
good to see NATS is finally doing something to fix this for everyone...

it's a bit overdue tho...
__________________
icq 236-802-704
Old 12-22-2007, 02:48 AM   #208
kmanrox
aka K-Man
 
Join Date: Oct 2001
Location: The Gutter
Posts: 29,290
i *may* have always been under the understanding that the processors sold off their email lists... i *may* have heard this from many webmasters that it *may* be an assumed occurrence.. that's all i will say

*disclaim the above is not implying, implicating, suggesting or accusing anyone of doing anything uncouth or unlawful. the above is simply things one *may* have heard thru the 'grapevine'
__________________
Crypto HODLr
Crypto mining
Angel investor
Old 12-22-2007, 02:52 AM   #209
AlienQ - BANNED FOR LIFE
best designer on GFY
 
Join Date: Mar 2003
Location: IALIEN.COM - High Definition Video and Photographic Productions -ICQ 78943384
Posts: 30,307
Of course.

It was the lead admin's account but it was not him and uhh uhh...


How Convenient!
If I knew that people were really that easy to pull one over on I would certainly be a lot wealthier today.

ROFLMAO!

I mean NATS is a top notch crew it was just a glitch!
Old 12-22-2007, 02:54 AM   #210
kmanrox
aka K-Man
 
Join Date: Oct 2001
Location: The Gutter
Posts: 29,290
surely i can't be the only one who may have hypothetically heard for years of the availability of processor dbases for a hefty price?
__________________
Crypto HODLr
Crypto mining
Angel investor
Old 12-22-2007, 02:55 AM   #211
will76
Making $$$$ w/ ClickCash
 
Join Date: May 2003
Location: USA
Posts: 18,037
Quote:
Originally Posted by quantum-x View Post
Fred is the lead programmer of CARMA and NATS at TMM.
It's probably normal that admin accounts are under his name, it would be the most logical. I don't think you can conclude that it's Fred that's doing it, simply because that's the name on the admin account.

As if you'd leave your full name on your own hack..

One thing that surprised me was seeing that the guy was looking for side jobs on a rentacoder type site. I have 2 full time programmers i keep real busy. It just seemed odd to me that if he is the head guy he would have extra time on his hands to look for side jobs. Maybe I am the only one to think that but that was my opinion when i read that part.
__________________
ICQ: 86364801 Email: will [at] innovativeassets [dot] com

PROGRAM SHIT LIST - DO NOT PROMOTE (click link for gfy thread)
FNCash | Media Revenue
Old 12-22-2007, 02:55 AM   #212
stevo
Confirmed User
 
Join Date: Aug 2002
Location: Orlando, Florida
Posts: 2,051
Count me in too...

NATS was originally installed on my server in 2005. The account they created during the original install, is the one that got replaced by "Fred Schank".

I won't go into details or opinions, but if i remember correctly it was a very generic username/password that was probably easily cracked.
Old 12-22-2007, 02:58 AM   #213
TheSenator
Too lazy to set a custom title
 
Join Date: Feb 2003
Location: NJ
Posts: 13,332
I nominate this thread for DRAMA of the year award.
__________________
ISeekGirls.com since 2005
Old 12-22-2007, 02:58 AM   #214
quantum-x
Confirmed User
 
Join Date: Feb 2002
Location: ICQ: 251425 Fr/Au/Ca
Posts: 6,863
Quote:
Originally Posted by AlienQ View Post
Of course.

It was the lead admin's account but it was not him and uhh uhh...


How Convenient!
If I knew that people were really that easy to pull one over on I would certainly be a lot wealthier today.

ROFLMAO!

I mean NATS is a top notch crew it was just a glitch!
I'd trust you to be as stupid to sign your own name to a hack job. Hell, you'd probably put on your best myspace face and take a photo of yourself, grinning madly through the pain of your buttplug, giving a thumbs up.

Not everyone is as big of an arsehole as you are
Old 12-22-2007, 03:01 AM   #215
will76
Making $$$$ w/ ClickCash
 
Join Date: May 2003
Location: USA
Posts: 18,037
Quote:
Originally Posted by TheSenator View Post
I nominate this thread for DRAMA of the year award.
2007 or 2008 ?
__________________
ICQ: 86364801 Email: will [at] innovativeassets [dot] com

PROGRAM SHIT LIST - DO NOT PROMOTE (click link for gfy thread)
FNCash | Media Revenue
Old 12-22-2007, 03:05 AM   #216
Mutt
Too lazy to set a custom title
 
Join Date: Sep 2002
Posts: 34,431
Quote:
Originally Posted by kmanrox View Post
i *may* have always been under the understanding that the processors sold off their email lists... i *may* have heard this from many webmasters that it *may* be an assumed occurrence.. that's all i will say

*disclaim the above is not implying, implicating, suggesting or accusing anyone of doing anything uncouth or unlawful. the above is simply things one *may* have heard thru the 'grapevine'


i can't believe so many people in this industry don't and refuse to believe that.
__________________
I moved my sites to Vacares Hosting. I've saved money, my hair is thicker, lost some weight too! Thanks Sly!
Old 12-22-2007, 03:11 AM   #217
quantum-x
Confirmed User
 
Join Date: Feb 2002
Location: ICQ: 251425 Fr/Au/Ca
Posts: 6,863
I was looking for a fake account to post under, then thought what the fuck.
Here's where it stands.
There are 2 scenarios:
1- Internal Job. Won't even speculate on this, I've got nothing to say. It's just an option.

2- Exploit.
If it's an exploit, it'll be coming in via SQL injection attacks.
I know this, because [as demonstrated] previously, NATS filtering of $_REQUEST variables has been incredibly poor. In what I've glimpsed of source code, and played with [I'm by no means a 'black hat', but I know an exploit when I see one] - they weren't even using mysql_real_escape_string for passing strings to the databases.

6-12 months ago I did a POC where I dropped an entire database by injecting the SQL through a NATS [or CARMA, can't remember] URL.
I notified them via ticket. Have things improved? Not sure.

So, if it's as above, it doesn't matter how good your sql restrictions are, because the SQL requests come from the localhost anyhow.

It's easily conceivable that you can have full control over the database, hence the creation / deletion of accounts.
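The string-handling problem quantum-x describes in post #217, as an added example that is not part of the thread and is not NATS code. Python's sqlite3 stands in here for PHP and MySQL, and the table, function names and request values are constructed; it shows a request value pasted into SQL text, quote escaping failing in an unquoted numeric slot, and bound parameters holding in both cases.

```python
import sqlite3


def make_db():
    """Constructed in-memory table standing in for an affiliate account table."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE accounts (id INTEGER PRIMARY KEY, username TEXT, is_admin INTEGER)"
    )
    conn.executemany(
        "INSERT INTO accounts (username, is_admin) VALUES (?, ?)",
        [("affiliate1", 0), ("affiliate2", 0), ("staff_admin", 1)],
    )
    return conn


def escape_quotes(value):
    """Hand escaping (stand-in for mysql_real_escape_string): doubles single quotes."""
    return value.replace("'", "''")


def by_name_concatenated(conn, name):
    """'Before': the request value is pasted into the SQL text unfiltered."""
    sql = "SELECT username FROM accounts WHERE username = '" + name + "'"
    return [row[0] for row in conn.execute(sql)]


def by_id_escaped_only(conn, raw_id):
    """Escaping alone: no help when the value lands in an unquoted numeric slot."""
    sql = "SELECT username FROM accounts WHERE id = " + escape_quotes(raw_id)
    return [row[0] for row in conn.execute(sql)]


def by_name_bound(conn, name):
    """'After': the value is bound as a parameter and never parsed as SQL."""
    return [row[0] for row in conn.execute(
        "SELECT username FROM accounts WHERE username = ?", (name,))]


def by_id_bound(conn, raw_id):
    """'After': check the type first, then bind."""
    try:
        account_id = int(raw_id)
    except (TypeError, ValueError):
        return []  # a non-numeric id is rejected, not passed on
    return [row[0] for row in conn.execute(
        "SELECT username FROM accounts WHERE id = ?", (account_id,))]


if __name__ == "__main__":
    db = make_db()
    hostile_name = "nobody' OR '1'='1"  # constructed request value
    hostile_id = "0 OR 1=1"             # constructed request value, contains no quote
    print(by_name_concatenated(db, hostile_name))  # every account, admin included
    print(by_id_escaped_only(db, hostile_id))      # every account again
    print(by_name_bound(db, hostile_name))         # no rows
    print(by_id_bound(db, hostile_id))             # no rows
    print(by_id_bound(db, "3"))                    # only the requested row
```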
Old 12-22-2007, 03:24 AM   #218
stevo
Confirmed User
 
Join Date: Aug 2002
Location: Orlando, Florida
Posts: 2,051
3- Generic admin username/password created by installer. For example, if i remember correctly:

Username: (employee/installer name)
Password: (i wont post on a public board, but also very generic)

If this employee used the same technique on several installs, i could see a problem... This could also explain why the problem is small scale.
Old 12-22-2007, 03:29 AM   #219
quantum-x
Confirmed User
 
Join Date: Feb 2002
Location: ICQ: 251425 Fr/Au/Ca
Posts: 6,863
Quote:
Originally Posted by stevo View Post
3- Generic admin username/password created by installer. For example, if i remember correctly:

Username: (employee/installer name)
Password: (i wont post on a public board, but also very generic)

If this employee used the same technique on several installs, i could see a problem... This could also explain why the problem is small scale.
Good point.
However people have pointed out in this thread that the account is reappearing after deletion.
Old 12-22-2007, 03:43 AM   #220
quantum-x
Confirmed User
 
Join Date: Feb 2002
Location: ICQ: 251425 Fr/Au/Ca
Posts: 6,863

Hit stats for a NATS sponsor. 2006. Hmm.

This is thin, thin 'evidence' though.
Old 12-22-2007, 03:47 AM   #221
TheSenator
Too lazy to set a custom title
 
Join Date: Feb 2003
Location: NJ
Posts: 13,332
Quote:
Originally Posted by quantum-x View Post

Hit stats for a NATS sponsor. 2006. Hmm.

This is thin, thin 'evidence' though.

Do you hear that?

That is the sound of a company lawyering up!!!


Follow the money....
__________________
ISeekGirls.com since 2005
Old 12-22-2007, 03:56 AM   #222
AlienQ - BANNED FOR LIFE
best designer on GFY
 
Join Date: Mar 2003
Location: IALIEN.COM - High Definition Video and Photographic Productions -ICQ 78943384
Posts: 30,307
Quantum I was being sarcastic above there fella.

I raged about some things regarding NATS I was even banned for it in the past. Do a history on John Albright here in GFY. Ya will know where I stand about all this.

All I am saying now is, none of this surprises me in the least.
Old 12-22-2007, 04:07 AM   #223
Mutt
Too lazy to set a custom title
 
Join Date: Sep 2002
Posts: 34,431
Quote:
Originally Posted by quantum-x View Post

Hit stats for a NATS sponsor. 2006. Hmm.

This is thin, thin 'evidence' though.

so shouldn't all NATS program owners be checking their server stats now for that IP?
__________________
I moved my sites to Vacares Hosting. I've saved money, my hair is thicker, lost some weight too! Thanks Sly!
Old 12-22-2007, 04:30 AM   #224
tdfcash3
Registered User
 
Join Date: Nov 2006
Posts: 65
there's no stopping this thread is there
__________________


ICQ - 421-515-010
Old 12-22-2007, 04:35 AM   #225
borked
Totally Borked
 
Join Date: Feb 2005
Posts: 6,284
Quote:
Originally Posted by Mutt View Post
so shouldn't all NATS program owners be checking their server stats now for that IP?
Why? Every time they log in to the admin in response to the ticket, you'll find that IP shows up in the logs. All normal behaviour. Nothing out of the ordinary in that screencap.

If you reread the thread again, I think you'll find it's other, non-TMM IPs that are the problem.
__________________

For coding work - hit me up on andy // borkedcoder // com
(consider figuring out the email as test #1)



All models are wrong, but some are useful. George E.P. Box. p202
Old 12-22-2007, 04:35 AM   #226
Johny Traffic
Confirmed User
 
Join Date: Apr 2003
Posts: 5,461
Quote:
Originally Posted by tdfcash3 View Post
there's no stopping this thread is there
what you doing over these parts with all the yanks
__________________


hosted flv's, hosted galleries, morphing rss feeds, free content, free sites, hosted blog
Old 12-22-2007, 04:37 AM   #227
Mutt
Too lazy to set a custom title
 
Join Date: Sep 2002
Posts: 34,431
owning a hosting company or affiliate software company would be about as stressful as it gets in this industry.

what if this isn't a hack of NATS but a new or even unknown exploit of mysql or apache - then NATS is just an innocent bystander and hosting companies are as much or more responsible?
__________________
I moved my sites to Vacares Hosting. I've saved money, my hair is thicker, lost some weight too! Thanks Sly!
Old 12-22-2007, 04:39 AM   #228
Tempest
Too lazy to set a custom title
 
Join Date: May 2004
Location: West Coast, Canada.
Posts: 10,217
I'd say about 70% of the nats programs I sign up to (each with a very unique email address just for that program)... within about 3-5 weeks I start getting spam on that email address... Been mentioning it to some programs for a long time now but no one knows what to do about it... However... When I signed up to topbucks as a member.. within 4 weeks I was getting spam on that unique email address.. processor Epoch... signed up to silvercash as a member.. within 4 weeks I was getting spam on that unique email address.. processor Epoch... I think the issue isn't just tied to 1 thing.
Old 12-22-2007, 04:40 AM   #229
tdfcash3
Registered User
 
Join Date: Nov 2006
Posts: 65
Quote:
Originally Posted by Johny Traffic View Post
what you doing over these parts with all the yanks
Says u with 4000+ posts!
__________________


ICQ - 421-515-010
Old 12-22-2007, 04:41 AM   #230
quantum-x
Confirmed User
 
Join Date: Feb 2002
Location: ICQ: 251425 Fr/Au/Ca
Posts: 6,863
Quote:
Originally Posted by borked View Post
Why? Every time they log in to the admin in response to the ticket, you'll find that IP shows up in the logs. All normal behaviour. Nothing out of the ordinary in that screencap.

If you reread the thread again, I think you'll find it's other, non-TMM IPs that are the problem.
Right, I was just having fun with google, and posted the similar disclaimer under the photo. People like screengrabs, though.
Old 12-22-2007, 04:42 AM   #231
Drake
Hello world!
 
Join Date: Mar 2003
Posts: 12,508
Quote:
Originally Posted by Tempest View Post
I'd say about 70% of the nats programs I sign up to (each with a very unique email address just for that program)... within about 3-5 weeks I start getting spam on that email address... Been mentioning it to some programs for a long time now but no one knows what to do about it... However... When I signed up to topbucks as a member.. within 4 weeks I was getting spam on that unique email address.. processor Epoch... signed up to silvercash as a member.. within 4 weeks I was getting spam on that unique email address.. processor Epoch... I think the issue isn't just tied to 1 thing.
What sites/products were being spammed?
Old 12-22-2007, 04:43 AM   #232
Mutt
Too lazy to set a custom title
 
Join Date: Sep 2002
Posts: 34,431
Quote:
Originally Posted by borked View Post
Why? Every time they log in to the admin in response to the ticket, you'll find that IP shows up in the logs. All normal behaviour. Nothing out of the ordinary in that screencap.

If you reread the thread again, I think you'll find it's other, non-TMM IPs that are the problem.
so why did quantum-x post that screencap?
__________________
I moved my sites to Vacares Hosting. I've saved money, my hair is thicker, lost some weight too! Thanks Sly!
Old 12-22-2007, 05:14 AM   #233
RazorSharpe
Confirmed User
 
Join Date: Aug 2001
Location: Scotland
Posts: 2,238
Quote:
Originally Posted by Mutt View Post
owning a hosting company or affiliate software company would be about as stressful as it gets in this industry.

what if this isn't a hack of NATS but a new or even unknown exploit of mysql or apache - then NATS is just an innocent bystander and hosting companies are as much or more responsible?
If that were the case then i would assume that it wouldn't be just the nats staff admin account that was compromised and being used. These people, (and i say people because the logins are from various areas like Tampa, San Diego, UK) are specifically logging in with the nats staff admin account.

Furthermore, if it were an issue specific to mysql or apache then the internet itself would be ablaze with speculation about it in more than the adult affiliate sector.

...
__________________
Programming today is a race between software engineers striving to build bigger and better idiot-proof programs, and the Universe trying to produce bigger and better idiots. So far, the Universe is winning.
Old 12-22-2007, 05:24 AM   #234
RazorSharpe
Confirmed User
 
Join Date: Aug 2001
Location: Scotland
Posts: 2,238
Quote:
Originally Posted by ladida View Post
You sure yap'd a lot of nonsense in that post of yours, however, i don't think anything, unlike you. I know, since i have been shown emails where program owners have been notified, or i have notified them myself, and they ignored problem, until it is brought up in a thread like this for example (i didn't say ALL, nor did i mean you since i don't even know you). So again, think before you speak, or don't speak at all, at least don't attack the person you know nothing about.


I don't have to point you anywhere since i don't owe you anything. I trade info, and you are not on my list of clients. Those that i speak of know it's them and they won't dispute my post. If they do, it'll get even funnier. I just stated how things are, whether you chose to believe it or not, it's your business, but i'm not gonna stand by when clueless people attack me for what i know.


Furthermore, there's a lot of backstabbing in this thread from people that supposedly "want to help". So nats got hacked. WOOO HOOO... What do you (or other in the thread) know exactly of the time that Mansion got hacked? Strongbox? Sitedepth? AdultWebware? Or any other shit that people use?
So some are furious that they have not been notified? LOL. Get a grip. Of course John is not gonna make a public statement their server is compromised (if it is), or that they have a problem in the code. It'd be a suicide. Same as when any other porn company gets hacked, you don't see a public apology here that people's emails/personal info got harvested do you? No, they fix the shit and move on (or don't even fix it and blame someone else). Or when software companies fix faults in their software on your server without you even knowing that it was a live exploit through which your server got hacked?
Shut the fuck up about "who you are" already, i think I have made it quite clear that I don't care who you are or what you do. I know all i need to know about you; most important of which is you have an extremely high estimation of yourself and think you know it all.

If there is anyone that needs to think before they speak, it's you. You're sounding more of an idiot with each passing post.

...
__________________
Programming today is a race between software engineers striving to build bigger and better idiot-proof programs, and the Universe trying to produce bigger and better idiots. So far, the Universe is winning.
Old 12-22-2007, 05:32 AM   #235
chupacabra
Confirmed User
 
Join Date: Sep 2002
Posts: 3,626
Quote:
Originally Posted by kmanrox View Post
surely i can't be the only one who may have hypothetically heard for years of the availability of processor dbases for a hefty price?
no, you're not... a couple of peeps from two now defunct processors *suggested* the same to me years ago, not mentioning any names here (TransCharge, Paymonde) so yeah... you're not alone mang..

__________________
...promise her a defamation, tell her where the rain will fall..
Old 12-22-2007, 05:32 AM   #236
RazorSharpe
Confirmed User
 
Join Date: Aug 2001
Location: Scotland
Posts: 2,238
Okay, it seems banning the account makes no difference as the person is still able to login:

67.19.188.250 - 2007-12-22 09:30:32
67.19.188.250 - 2007-12-22 03:30:31
67.19.188.250 - 2007-12-22 00:23:23

I submitted a ticket to TMM yesterday telling them I could not secure the admin via IP since i run on a dynamic IP. They said they couldn't help me till tomorrow. I said it was serious and they said if I had banned the account it would be fine. Obviously not the case.

...
__________________
Programming today is a race between software engineers striving to build bigger and better idiot-proof programs, and the Universe trying to produce bigger and better idiots. So far, the Universe is winning.
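The check RazorSharpe describes in post #236, as an added example that is not part of the thread and is not NATS code: a review of admin-login lines in the "IP - timestamp" shape quoted there, flagging logins from outside an allowlist and logins dated after the account was banned. The sample log, the allowlist range and the ban time are constructed, and it assumes the login history can be exported as text.

```python
import ipaddress
import re
from collections import Counter
from datetime import datetime

# Same shape as the lines quoted in the post: "IP - YYYY-MM-DD HH:MM:SS"
LINE_RE = re.compile(r"^(\S+) - (\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})$")
TS_FORMAT = "%Y-%m-%d %H:%M:%S"


def parse_logins(text):
    """Return (records sorted by time, lines that did not parse)."""
    records, rejected = [], []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        match = LINE_RE.match(line)
        if match is None:
            rejected.append(line)
            continue
        try:
            ip = ipaddress.ip_address(match.group(1))
            ts = datetime.strptime(match.group(2), TS_FORMAT)
        except ValueError:
            rejected.append(line)  # malformed address or impossible date
            continue
        records.append((ts, ip))
    records.sort(key=lambda record: record[0])
    return records, rejected


def review_admin_logins(text, allowed_networks, banned_at=None):
    """Flag logins from outside the allowlist and logins after the ban time."""
    networks = [ipaddress.ip_network(n) for n in allowed_networks]
    records, rejected = parse_logins(text)
    findings = []
    for ts, ip in records:
        reasons = []
        if not any(ip in net for net in networks):
            reasons.append("source outside allowlist")
        if banned_at is not None and ts >= banned_at:
            reasons.append("login after ban")
        if reasons:
            findings.append(
                {"ip": str(ip), "time": ts.strftime(TS_FORMAT), "reasons": reasons}
            )
    per_source = Counter(finding["ip"] for finding in findings)
    return findings, per_source, rejected


# Constructed sample; addresses come from the documentation ranges.
SAMPLE_LOG = """\
192.0.2.10 - 2007-12-20 14:02:11
203.0.113.77 - 2007-12-21 21:30:05
203.0.113.77 - 2007-12-22 03:30:04
192.0.2.10 - 2007-12-22 08:15:00
999.1.1.1 - 2007-12-22 08:16:00
not a login line
"""
ALLOWED = ["192.0.2.0/24"]                 # assumed office/VPN range
BANNED_AT = datetime(2007, 12, 21, 18, 0)  # assumed time the account was banned

if __name__ == "__main__":
    findings, per_source, rejected = review_admin_logins(SAMPLE_LOG, ALLOWED, BANNED_AT)
    for finding in findings:
        print(finding["time"], finding["ip"], "; ".join(finding["reasons"]))
    print("flagged logins per source:", dict(per_source))
    print("unparsed lines:", rejected)
```

A login flagged only as "login after ban" from an allowed address still means the ban is not being enforced, which is the situation the post reports.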
Old 12-22-2007, 05:47 AM   #237
DVTimes
xxx
 
Join Date: Jun 2003
Location: UK
Posts: 31,544
Good luck to all
__________________
The Affiliate Program
Old 12-22-2007, 05:56 AM   #238
ladida
Confirmed User
 
Join Date: Nov 2005
Posts: 2,167
Quote:
Originally Posted by JDog View Post
Now as for this comment. I feel that if John knew it, HE doesn't need to make a public statement, but he does in fact need to let their clients, EVERY SINGLE CLIENT, know that one of their servers has been compromised. But only if their server contains data about a client's machine (server ip, ssh port, ssh user, ssh pass, etc, etc). But at the same time, it'd be public because a client would post on GFY or one of the other boards. This also brings up the fact that any machine visible on the web should have a software firewall on their machine, iptables is fine. Block every port except those needed by web server (port 80, 443 and any others). Then only allow say for SSH the IP addy's needed for the certain people.

It might be a pain in the ass, but that's the best way to keep somebody out, even if they have your information, at least they can't FTP or SSH into your box.
Yea, that would be the RIGHT thing to do.

But then, when a program gets hacked through other means than nats, and their whole customer base with info gets stolen, and affiliate data gets stolen, would they also need to issue such a statement? Informing all of the affiliates that the data might be breached and that they should change their passwords? Hmm.. Double standards?

@RazorSharpe
Buuuhuuu, did i burst your bubble of the perfect world?
__________________
agentGFY *at* gmail.com
Old 12-22-2007, 05:59 AM   #239
Chio
Confirmed User
 
Join Date: Oct 2002
Location: ICQ: 39-183769
Posts: 8,002
Change your own admin pass after you deleted the admin account used to get in (if you haven't already)

If the attacker was able to get in to gank emails etc. Chances are he has your username/pass as well.

I've never used nats so I'm not sure if it's possible with the account they had but to be safe...
__________________

I seo'd my hair yesterday and today it's pr7!
RIP Texas Dreams

Are you a content producer or program owner sick of tube sites? Contact me on ICQ: 39-183769
Old 12-22-2007, 06:01 AM   #240
JOKER
Facit Omnia Voluntas
 
Join Date: Apr 2003
Location: Offshore
Posts: 2,105
Quote:
Originally Posted by RazorSharpe View Post
Okay, it seems banning the account makes no difference as the person is still able to login:

67.19.188.250 - 2007-12-22 09:30:32
67.19.188.250 - 2007-12-22 03:30:31
67.19.188.250 - 2007-12-22 00:23:23

I submitted a ticket to TMM yesterday telling them I could not secure the admin via IP since i run on a dynamic IP. They said they couldn't help me till tomorrow. I said it was serious and they said if I had banned the account it would be fine. Obviously not the case.

...
Might want to think about setting up a VPN for this kind of secure access and the feature of a fixed IP then?

Is it not possible to .htaccess protect the admin-area of NATS as well, as an added layer of security on top of limiting the User-IP NATS internally? Just an idea.
I'm not running NATS as Admin so I wouldn't know, so this is just a suggestion.
__________________
Facilitation - BizDev - Traffic - Consulting - Marketing
Skype: jokerempire | Silent Circle: joker
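
Added example, not part of any post in this thread: a small audit of admin login records in the `IP - timestamp` form quoted above, listing logins that occur after an account ban and flagging gaps between logins that sit on a whole number of hours. The three records are the ones quoted in the post; `BAN_TIME` and the function names are assumptions made for illustration.

```python
from datetime import datetime, timedelta

# The three records are the ones quoted in the thread. BAN_TIME is a constructed
# value: the thread does not say when the account was banned.
SAMPLE_LOG = """\
67.19.188.250 - 2007-12-22 09:30:32
67.19.188.250 - 2007-12-22 03:30:31
67.19.188.250 - 2007-12-22 00:23:23
"""
BAN_TIME = datetime(2007, 12, 21, 18, 0, 0)  # assumption, not from the thread


def parse_logins(text):
    """Parse 'IP - YYYY-MM-DD HH:MM:SS' lines into (ip, datetime), oldest first."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        ip, sep, stamp = line.partition(" - ")
        if not sep:
            raise ValueError(f"unrecognised login record: {line!r}")
        records.append((ip, datetime.strptime(stamp, "%Y-%m-%d %H:%M:%S")))
    return sorted(records, key=lambda r: r[1])


def logins_after_ban(records, ban_time):
    """Logins that should not exist if the ban had taken effect."""
    return [r for r in records if r[1] > ban_time]


def regular_gaps(records, tolerance=timedelta(seconds=5)):
    """Consecutive records sharing an IP whose gap is within `tolerance` of a
    whole number of hours, more typical of a scheduled job than of a person."""
    hits = []
    for (ip_a, t_a), (ip_b, t_b) in zip(records, records[1:]):
        gap = t_b - t_a
        hours = round(gap.total_seconds() / 3600)
        if ip_a == ip_b and hours >= 1 and abs(gap - timedelta(hours=hours)) <= tolerance:
            hits.append((ip_a, t_a, t_b, hours))
    return hits


if __name__ == "__main__":
    logins = parse_logins(SAMPLE_LOG)
    for ip, when in logins_after_ban(logins, BAN_TIME):
        print(f"post-ban login: {ip} at {when}")
    for ip, start, end, hours in regular_gaps(logins):
        print(f"{ip}: logins at {start} and {end} are ~{hours}h apart")
```
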

Old 12-22-2007, 06:01 AM   #241
HS-Trixxxia
Confirmed User
 
Join Date: Mar 2002
Location: Montreal Canada
Posts: 2,946
Quote:
Originally Posted by Tempest View Post
I'd say about 70% of the NATS programs I sign up to (each with a very unique email address just for that program)... within about 3-5 weeks I start getting spam on that email address... Been mentioning it to some programs for a long time now but no one knows what to do about it... However... When I signed up to topbucks as a member.. within 4 weeks I was getting spam on that unique email address.. processor Epoch... signed up to silvercash as a member.. within 4 weeks I was getting spam on that unique email address.. processor Epoch... I think the issue isn't just tied to 1 thing.
Tempest - I can guarantee you, Topbucks never sent you one email. I STRONGLY suggest you send a copy of 'that' email or any email that you got with the account specifically to them to support. I will point them to this post either way.
__________________

~~~~~~~~~~~~~~~~~~
Patrizia
COO - MassiveDollars
Email: patrizia at MassiveDollars dot com
ICQ: 465.826.441 Yahoo: trixxxia_me MSN: trixxxia at hotmail dot com
Old 12-22-2007, 06:07 AM   #242
ladida
Confirmed User
 
 
Join Date: Nov 2005
Posts: 2,167
Quote:
Originally Posted by HS-Trixxxia View Post
Tempest - I can guarantee you, Topbucks never sent you one email. I STRONGLY suggest you send a copy of 'that' email or any email that you got with the account specifically to them to support. I will point them to this post either way.
No program has sent an email ever. That's the beauty. If you're at that stage that you receive email on the account, your data has already been traded. Hackers hack you and share info with their fellow hackers. Then spammers buy from hackers. So, when you start receiving spam on a dedicated email to a program, you're already a few months behind the hackers.
__________________
agentGFY *at* gmail.com
Old 12-22-2007, 06:10 AM   #243
Barefootsies
Choice is an Illusion
 
 
Industry Role:
Join Date: Feb 2005
Location: Land of Obama
Posts: 42,635
Quote:
Originally Posted by commonsense View Post
AlienQ invented suspecting
__________________
Should You Email Your Members?

Link1 | Link2 | Link3

Enough Said.

"Would you rather live like a king for a year or like a prince forever?"
Old 12-22-2007, 06:14 AM   #244
RazorSharpe
Confirmed User
 
 
Industry Role:
Join Date: Aug 2001
Location: Scotland
Posts: 2,238
Quote:
Originally Posted by ladida View Post
Yea, that would be the RIGHT thing to do.

But then, when a program gets hacked through other means than NATS, and their whole customer base with info gets stolen, and affiliate data gets stolen, would they also need to issue such a statement? Informing all of the affiliates that the data might be breached and that they should change their passwords? Hmm.. Double standards?

@RazorSharpe
Buuuhuuu, did I burst your bubble of the perfect world?
Like I said, inflated opinion of yourself. You really need to learn how to be more humble. As it stands, you've neither busted my bubble or changed my opinion of you. You're still an arse ....
__________________
Programming today is a race between software engineers striving to build bigger and better idiot-proof programs, and the Universe trying to produce bigger and better idiots. So far, the Universe is winning.
Old 12-22-2007, 06:28 AM   #245
TMM_John
Confirmed User
 
 
Industry Role:
Join Date: May 2004
Posts: 6,659
The amount of wrong information, assumptions, and completely wrong accusations here is astounding.

This will be my last post in this thread and possibly on this board. I am tired of people running around saying whatever they want and there being no repercussions for it. It is ridiculous and I'm not going to sit here and argue with them.

This fully appears to be a compromised password list. It is not an "exploit" in the software. It is not Fred spamming your members, etc. We have changed our policy so that we no longer maintain ANY passwords to ensure this does not happen via us ever in the future. We are also continuing to implement other protective measures.

Those of you who have actual valid feedback and comments I appreciate them. Anyone is welcome to contact us regarding this with their questions or concerns and we will be further communicating directly with our clients about it.

However as to dealing with the people who make their living making things up about other people, I'm done here.
Old 12-22-2007, 06:31 AM   #246
Ycaza
Confirmed User
 
 
Industry Role:
Join Date: Feb 2005
Location: the 805
Posts: 4,290
Quote:
Originally Posted by SiMpLe View Post
Called Caz and threatened to sue for what - Letting people know about a serious exploit?? wtf

As the day goes on and more people keep coming to me saying "Thank You" it just keeps getting better and better. I'm at a loss for words right now.
Yep, threatened to sue me, and that's really all I am going to say here. OC3 has done a lot of work to help resolve this issue for our clients but our clients deserve most of the credit for helping us to find the problem. And for the record, when John said to me "I need yours and OC3's lawyers info", I twice told him that my cell number is in the thread about the issue, and invited him to call me. He never did.
__________________
Caz Thrush
Head Honcho
[email protected]
http://thrushtech.com
ICQ: 304883574
do people still icq?
Old 12-22-2007, 06:32 AM   #247
3xTom
Confirmed User
 
 
Industry Role:
Join Date: Dec 2002
Posts: 1,610
Just a simple statement that my momma taught me a long time ago

Why does the farmer let the fox fix the hole in the fence?

I'm not IMPLYING ANYTHING here guys ....
Just looking at the POSSIBILITY not any facts here at all

and john why is it immediately blamed on all your customers' servers and no blame at all on yourself? I'm just looking at all this here and I see a lot of people having a problem INCLUDING US .......

And I'm seeing you blaming us and our servers/hosting. It's easy to point a finger.....

ANYWAYS THAT IS ALL I HAVE TO SAY....
Old 12-22-2007, 06:33 AM   #248
tdfcash3
Registered User
 
Join Date: Nov 2006
Posts: 65
Quote:
Originally Posted by PBucksJohn View Post
The amount of wrong information, assumptions, and completely wrong accusations here is astounding.

This will be my last post in this thread and possibly on this board. I am tired of people running around saying whatever they want and there being no repercussions for it. It is ridiculous and I'm not going to sit here and argue with them.

This fully appears to be a compromised password list. It is not an "exploit" in the software. It is not Fred spamming your members, etc. We have changed our policy so that we no longer maintain ANY passwords to ensure this does not happen via us ever in the future. We are also continuing to implement other protective measures.

Those of you who have actual valid feedback and comments I appreciate them. Anyone is welcome to contact us regarding this with their questions or concerns and we will be further communicating directly with our clients about it.

However as to dealing with the people who make their living making things up about other people, I'm done here.
What a total wanker you are!
__________________


ICQ - 421-515-010
Old 12-22-2007, 06:34 AM   #249
Drake
Hello world!
 
Industry Role:
Join Date: Mar 2003
Posts: 12,508
Quote:
Originally Posted by Quickdraw
It's very widespread and has been brought up on numerous occasions. Whenever it is brought up it gets the classic GFY response of belittling the messenger.
This is one that comes to mind, although it has come up many times before.
I used to use a unique email for every sponsor I joined, and with NATS sponsors the result was always the same, so I quit signing up to sponsors using NATS.
http://www.gfy.com/fucking-around-and-business-discussion/752142-sponsor-selling-webmaster-emails-nats-security.html

The weird relationship that John and Quickbuck have doesn't make me feel any easier about the whole situation either. Considering the Quickbuck system is all NATS, I find this quote a bit odd. Business may be business, but how can either one of these companies do business with each other?

Quote:
Originally Posted by Quick Buck
John Albright owned porngraph and fucked all the porngraph users because it was not making any money... then he used the money he earned to build NATS.

is this really news?.. are you really that dumb?

Quickbuck uses Nats and they said this? wtf

Last edited by Drake; 12-22-2007 at 06:35 AM..
Old 12-22-2007, 06:35 AM   #250
Trixxxia
Confirmed User
 
Industry Role:
Join Date: Aug 2004
Location: Montreal, Canada
Posts: 5,600
Quote:
Originally Posted by RazorSharpe View Post
Okay, it seems banning the account makes no difference as the person is still able to login:

67.19.188.250 - 2007-12-22 09:30:32
67.19.188.250 - 2007-12-22 03:30:31
67.19.188.250 - 2007-12-22 00:23:23

I submitted a ticket to TMM yesterday telling them I could not secure the admin via IP since I run on a dynamic IP. They said they couldn't help me till tomorrow. I said it was serious and they said if I had banned the account it would be fine. Obviously not the case.

...
RazorSharpe - I have an idea, want to hit me up?