borked

Requires quoting for a very good point - a lot of household names in there. They need dropping at your front door. Cease and assist as a wise man once said (earlier today)

__________________

For coding work - hit me up on andy // borkedcoder // com
(consider figuring out the email as test #1)

SubAms

150 exploits

__________________
Promote exclusive British sites with Suburban Cash
Suburban Amateurs - Danica Collins

spacedog

Definitely did, but don't know if he does now or not.. ICQ him & ask him.

DVTimes

me too

problem is i promote some nats sites, and if members are getting spam due to this, they will cancell. As such I will have lost re-bills from promoting these sites.

__________________
The Affiliate Program

DVTimes

almost.

you got 152 spot.

you need to post quicker.

__________________
The Affiliate Program

HS-Trixxxia

I wiped him out awhile ago already. I want the tracking of the IPs of who logged in - and there, I do need a tech ;)

__________________

~~♥~~♥~~♥~~♥~~♥~~♥~~♥~~♥~~
Patrizia
COO - ♥ MassiveDollars
Email: patrizia at MassiveDollars dot com
ICQ: 465.826.441 Yahoo: trixxxia_me MSN: trixxxia at hotmail dot com

TampaToker

anyone have any success with this?

__________________
Icq 247-742-205

Rep

Our logs reflect the same thing

67.84.12.95 - 2007-12-21 17:52:52
67.19.188.250 - 2007-12-21 16:20:45
67.19.188.250 - 2007-12-21 10:20:46
67.19.188.250 - 2007-12-21 04:20:45
67.19.188.250 - 2007-12-20 22:20:46
67.19.188.250 - 2007-12-20 17:54:53
67.19.188.250 - 2007-12-20 16:20:45
67.19.188.250 - 2007-12-20 10:20:45
67.19.188.250 - 2007-12-20 04:20:46
67.19.188.250 - 2007-12-19 22:20:46
67.19.188.250 - 2007-12-19 17:54:54
67.19.188.250 - 2007-12-19 16:20:45
67.19.188.250 - 2007-12-19 10:20:46
67.19.188.250 - 2007-12-19 04:20:45
67.19.188.250 - 2007-12-18 22:20:45
67.19.188.250 - 2007-12-18 17:51:01
67.19.188.250 - 2007-12-18 16:20:46
67.19.188.250 - 2007-12-18 10:20:45
69.94.70.187 - 2007-12-18 04:20:45
65.110.53.100 - 2007-12-17 17:51:16
65.110.53.100 - 2007-12-17 16:20:45
65.110.53.100 - 2007-12-17 10:20:45
65.110.53.100 - 2007-12-17 04:20:45
65.110.53.100 - 2007-12-16 17:51:16
65.110.53.100 - 2007-12-16 16:20:46
65.110.53.100 - 2007-12-16 10:20:46
65.110.53.100 - 2007-12-16 04:20:46
65.110.53.100 - 2007-12-15 22:20:46
65.110.53.100 - 2007-12-15 17:51:22
207.44.162.119 - 2007-12-14 04:20:46
207.44.162.119 - 2007-12-13 22:20:46
207.44.162.119 - 2007-12-13 17:51:14
207.44.162.119 - 2007-12-13 16:20:46
207.44.162.119 - 2007-12-13 10:20:45
207.44.162.119 - 2007-12-13 04:20:45
207.44.162.119 - 2007-12-12 22:20:46
207.44.162.119 - 2007-12-12 17:51:05
207.44.162.119 - 2007-12-12 16:20:41
207.44.162.119 - 2007-12-12 10:20:41
207.44.162.119 - 2007-12-12 04:20:41
207.44.162.119 - 2007-12-11 22:20:41
207.44.162.119 - 2007-12-11 17:51:03
207.44.162.119 - 2007-12-11 16:20:40
207.44.162.119 - 2007-12-11 10:20:40
207.44.162.119 - 2007-12-11 04:20:40
207.44.162.119 - 2007-12-10 22:20:41
207.44.162.119 - 2007-12-10 17:51:15
207.44.162.119 - 2007-12-10 16:20:41
207.44.162.119 - 2007-12-10 10:20:41
207.44.162.119 - 2007-12-10 04:20:40
207.44.162.119 - 2007-12-09 22:20:41
207.44.162.119 - 2007-12-09 17:51:01
207.44.162.119 - 2007-12-09 16:20:41
207.44.162.119 - 2007-12-09 10:20:41
207.44.162.119 - 2007-12-09 04:20:42
207.44.162.119 - 2007-12-08 22:20:42
207.44.162.119 - 2007-12-08 17:51:03
207.44.162.119 - 2007-12-08 16:20:47
207.44.162.119 - 2007-12-08 10:20:46
207.44.162.119 - 2007-12-08 04:20:47
207.44.162.119 - 2007-12-07 22:20:47
207.44.162.119 - 2007-12-07 17:51:20
207.44.162.119 - 2007-12-07 16:20:46
207.44.162.119 - 2007-12-07 10:20:46
207.44.162.119 - 2007-12-07 04:20:47
207.44.162.119 - 2007-12-06 22:20:47
207.44.162.119 - 2007-12-06 17:51:13
207.44.162.119 - 2007-12-06 16:20:47
207.44.162.119 - 2007-12-06 10:20:48
207.44.162.119 - 2007-12-06 04:20:47
207.44.162.119 - 2007-12-05 22:20:47
207.44.162.119 - 2007-12-05 17:51:09
207.44.162.119 - 2007-12-05 16:20:47
207.44.162.119 - 2007-12-05 10:20:47
207.44.162.119 - 2007-12-05 04:20:46
207.44.162.119 - 2007-12-04 22:20:47
207.44.162.119 - 2007-12-04 17:51:37
207.44.162.119 - 2007-12-04 16:20:51
207.44.162.119 - 2007-12-04 10:20:51
207.44.162.119 - 2007-12-04 04:20:50
207.44.162.119 - 2007-12-03 22:20:51
207.44.162.119 - 2007-12-03 17:51:10
207.44.162.119 - 2007-12-03 16:20:50
207.44.162.119 - 2007-12-03 10:20:51
207.44.162.119 - 2007-12-03 04:20:51
207.44.162.119 - 2007-12-02 22:20:51
207.44.162.119 - 2007-12-02 17:51:40
207.44.162.119 - 2007-12-02 16:20:51
207.44.162.119 - 2007-12-02 10:20:51
207.44.162.119 - 2007-12-02 04:20:51
207.44.162.119 - 2007-12-01 22:20:51
207.44.162.119 - 2007-12-01 17:51:04
207.44.162.119 - 2007-12-01 16:20:50
207.44.162.119 - 2007-12-01 10:20:51
207.44.162.119 - 2007-12-01 04:20:50
207.44.162.119 - 2007-11-30 22:20:51
207.44.162.119 - 2007-11-30 17:51:32
207.44.162.119 - 2007-11-30 16:20:51
207.44.162.119 - 2007-11-30 10:20:51
207.44.162.119 - 2007-11-30 04:20:52
207.44.162.119 - 2007-11-29 22:20:51
207.44.162.119 - 2007-11-29 17:51:18
207.44.162.119 - 2007-11-29 16:39:51
207.44.162.119 - 2007-11-28 17:51:25
207.44.162.119 - 2007-11-27 17:51:25
207.44.162.119 - 2007-11-26 20:24:22
207.44.162.119 - 2007-11-26 20:11:53
207.44.162.119 - 2007-11-26 17:51:29
207.44.162.119 - 2007-11-25 17:51:27
207.44.162.119 - 2007-11-25 16:20:50
207.44.162.119 - 2007-11-25 10:20:51
207.44.162.119 - 2007-11-25 04:20:51
207.44.162.119 - 2007-11-24 22:20:51
207.44.162.119 - 2007-11-24 17:51:09
207.44.162.119 - 2007-11-24 16:20:55
207.44.162.119 - 2007-11-24 10:20:56
207.44.162.119 - 2007-11-24 04:20:55
207.44.162.119 - 2007-11-23 22:20:56
207.44.162.119 - 2007-11-23 17:51:08
207.44.162.119 - 2007-11-23 16:20:56
207.44.162.119 - 2007-11-23 10:20:55
207.44.162.119 - 2007-11-22 18:03:46
207.44.162.119 - 2007-11-22 17:51:05
207.44.162.119 - 2007-11-22 04:26:26
207.44.162.119 - 2007-11-21 22:26:25
207.44.162.119 - 2007-11-21 18:13:02
207.44.162.119 - 2007-11-21 17:51:08
207.44.162.119 - 2007-11-20 17:51:13
207.44.162.119 - 2007-11-19 21:53:46
207.44.162.119 - 2007-11-19 17:51:19
207.44.162.119 - 2007-11-18 17:51:26
207.44.162.119 - 2007-11-17 17:51:14
207.44.162.119 - 2007-11-17 13:20:42
207.44.162.119 - 2007-11-17 09:09:50
207.44.162.119 - 2007-11-16 17:51:15
207.44.162.119 - 2007-11-15 17:51:46
207.44.162.119 - 2007-11-15 09:11:16
207.44.162.119 - 2007-11-15 07:50:05
207.44.162.119 - 2007-11-14 17:51:15
207.44.162.119 - 2007-11-13 17:51:29
207.44.162.119 - 2007-11-13 15:31:13
207.44.162.119 - 2007-11-12 17:52:06
207.44.162.119 - 2007-11-12 15:16:36
207.44.162.119 - 2007-11-12 09:13:52
207.44.162.119 - 2007-11-12 06:56:56
207.44.162.119 - 2007-11-12 06:43:06
66.118.176.86 - 2007-11-12 06:05:00
66.118.176.86 - 2007-11-12 06:01:55
67.84.12.95 - 2007-10-30 12:52:13
67.84.12.95 - 2007-07-18 14:50:26
67.84.12.95 - 2007-07-18 14:48:20
67.84.12.95 - 2007-07-18 14:35:07
67.84.12.95 - 2007-07-18 11:45:29
67.84.12.95 - 2007-07-18 11:09:37
207.150.178.60 - 2007-07-17 09:12:36
67.84.12.95 - 2007-07-16 16:55:25
207.150.178.60 - 2007-07-16 13:19:20
207.150.178.60 - 2007-07-16 10:48:07
207.150.178.60 - 2007-07-16 07:25:33
207.150.178.60 - 2007-07-16 06:28:05
67.84.12.95 - 2007-07-14 14:26:22
67.84.12.95 - 2007-07-14 14:26:16
67.84.12.95 - 2007-07-14 14:25:42
67.84.12.95 - 2007-07-14 13:09:13

__________________
who | grep -i blonde | date; cd ~; unzip; touch; strip; finger; mount; gasp; yes; uptime; umount; sleep

sortie

I doubt the real Fred is doing the hack. I mean, why would he use his real name?

__________________

HS-Trixxxia

I actually banned the account - although John said I could remove him:
http://www.gfy.com/13548415-post84.html

Quote:
Originally Posted by Trixxxia
John - can I remove the user?

Yes, you can of course.

__________________

~~♥~~♥~~♥~~♥~~♥~~♥~~♥~~♥~~
Patrizia
COO - ♥ MassiveDollars
Email: patrizia at MassiveDollars dot com
ICQ: 465.826.441 Yahoo: trixxxia_me MSN: trixxxia at hotmail dot com

TampaToker

well i don't wanna delete it cause i wont be able to tell if he is still logging in. So i just went in and banned it. But i do see a new ip now don't know if its nats or not 67.84.12.95

__________________
Icq 247-742-205

SmokeyTheBear

the only details i see being shared are the same details your customers are using to find out they have been compromised, i would think instead of complaining that people are finding out they have been hacked you might start by emailing your customers and letting them know , then they wouldnt have to find out on gfy.

__________________
hatisblack at yahoo.com

ARS Bryan

This thread = LMFAO

NATS tech support

__________________
///ARS - Adult Revenue Service


ICQ me 25120534

ProjectNaked

I believe that would be a "smoking gun" ?????

Juicy D. Links

anybody want to see my penis?

Quickdraw

It's very widespread and has been brought up on numerous occasions. Whenever it is brought up it gets the classic GFY response of belittling the messenger.
This is one that comes to mind, although it has come up many times before.
I use to use a unique email for every sponsor I joined, and with NATS sponsors the result was always the same, so I quit signing up to sponsors using NATS.
http://www.gfy.com/fucking-around-and-business-discussion/752142-sponsor-selling-webmaster-emails-nats-security.html

The weird relationship that John and Quickbuck have doesn't make me feel any easier about the whole situation either. Considering the Quickbuck system is all NATS, I find this quote a bit odd. Business may be business, but how can either one of these companies do business with each other?

SmokeyTheBear

are there any nats programs that haven't been compromised yet ?

will nats be contacting the programs affiliates and let them know their affiliate personal information has been compromised for the sponsors in question

__________________
hatisblack at yahoo.com

kristin

I know Mayors was clean.

But I also know they went through and changed/killed all admin accounts awhile ago.

__________________
Vacares rules.

"Usually only fat guys have the kind of knowledge and ability that Kristin has."

V_RocKs

4 pages... and no signs of it stopping before another.

HS-Trixxxia

So far, from what I can tell - we are ok but the server guys are doing their due diligence and going over our servers for us and the other programs hosting with them for the past few hours.

__________________

~~♥~~♥~~♥~~♥~~♥~~♥~~♥~~♥~~
Patrizia
COO - ♥ MassiveDollars
Email: patrizia at MassiveDollars dot com
ICQ: 465.826.441 Yahoo: trixxxia_me MSN: trixxxia at hotmail dot com

the indigo

1. It is recommend you IP restrict access to your NATS admin area through the NATS configuration. To set this up, you can place a comma separated list of IP addresses that you wish to allow access to your NATS admin in the ADMIN_IPS field in your configuration admin.

Just did that... noted that my IP is dynamic and change once in a while... so I put XXX.XXX.* instead of XXX.XXX.XXX.XXX

Now I can't even access the configuration anymore and I'm stuck.

Great. Anybody knows how to edit this information? Please contact me theindigo2k /AT/ yahoo /DOT/ com

__________________
"There he goes. One of God's own prototypes. A high-powered mutant of some kind never even considered for mass production. Too weird to live, and too rare to die." -Hunter S. Thompson

HS-Trixxxia

Are you the only one with admin access? If yes, I think your only way back is via your host, put a call or ticket in.

__________________

~~♥~~♥~~♥~~♥~~♥~~♥~~♥~~♥~~
Patrizia
COO - ♥ MassiveDollars
Email: patrizia at MassiveDollars dot com
ICQ: 465.826.441 Yahoo: trixxxia_me MSN: trixxxia at hotmail dot com

RP Fade

oh crap..that sucks

__________________
HomemadeCash.com - Homemade & GF sites powered by NScash.com
HomemadeVideoPass.com - The only all homemade mega site
OurHomemadePorno.com - Real couples fucking on camera
Contact ICQ: 400-786-531 Email: fade AT nscash.com

pocketkangaroo

If the hacker was able to access the affiliate data, that could sell for huge. Imagine what some programs would pay for contact info to some of the biggest whales in the industry.

Snake Doctor

I haven't read the whole thread other than the first post but I wanted to say this.

I had a paysite processing with paycom awhile back, and I did test signups using email addresses like [email protected] [email protected] etc...a couple of months later I started getting spam at those email addresses.
My emails to my account rep and Rand concerning that subject were never replied to.

__________________
sig too big

the indigo

Give me a break. When members contact you saying "Hey you spammer, blah blah blah" you think that he just got spammed from a different site using the same email address. Because I know very well we don't spam, and Epoch/NATS don't either.

I did not start this thread until a member with a DEDICATED email address could prove me it came from our paysite.

Problem is, if you start a thread in this industry against a processor and/or program... you know better than me it's not always professional. I can't lose my credit card processor so it needs to be serious before I start a public thread about it.

Anyway, mind your own business. When you pay $/month for a program, you expect security fixes/alerts. Not you having to ask around to know what is going on. This is called trust.

__________________
"There he goes. One of God's own prototypes. A high-powered mutant of some kind never even considered for mass production. Too weird to live, and too rare to die." -Hunter S. Thompson

the indigo

double post

__________________
"There he goes. One of God's own prototypes. A high-powered mutant of some kind never even considered for mass production. Too weird to live, and too rare to die." -Hunter S. Thompson

TampaToker

Ignore him indigo this thread has been very informative....

__________________
Icq 247-742-205

spacedog

Is that why I always have reps hitting me up saying "Please give us a try"

HS-Trixxxia

indigo, I commend you for coming out with this. At least we're all able to simultaneously block the shit now - so we can battle the next snake when we hear hissing again. Hopefully, everyone can be reached now and things get done.

__________________

~~♥~~♥~~♥~~♥~~♥~~♥~~♥~~♥~~
Patrizia
COO - ♥ MassiveDollars
Email: patrizia at MassiveDollars dot com
ICQ: 465.826.441 Yahoo: trixxxia_me MSN: trixxxia at hotmail dot com

AlienQ - BANNED FOR LIFE

Well as a matter of fact.
Yes.

However I did not pin it on PAYCOM.

__________________

DVTimes

Hope you get it sorted out.

After all its not just people who run nats paysites, its all the affiliates too that are going to be affected.

__________________
The Affiliate Program

JOKER

And to be honest, personally, I'm fucking PISSED about it.

Merry fucking Xmas.

Now take this a step further and ask yourself: How many affiliates maybe used the same password for ePassPorte as well - since the NATS data already supplies the ePassPorte Account-name - the next step for the hacker was easily to try the user / password combo - now think back of the TrafficHangar incident and how many have been affected... get the picture I draw here?

Not happy about this, in the LEAST.

S.-

__________________
Facilitation - BizDev - Traffic - Consulting - Marketing
Skype: jokerempire | Silent Circle: joker

Mutt

so what programs were being advertised in the spam emails that came from hacking NATS?

SlickCash was just sued by Facebook for attempting to hack their users' information including emails.

this is not a good day for NATS - not because it was hacked - no software is inpenetrable but seems like NATS had many warnings and the action taken wasn't thorough enough.

__________________

the indigo

This is the most important thing to do if we are able to research it.

The criminal (yes it's a crime, I'm tired of geeks that think internet is not serious) could be linked to the referrals/products. If the list was sold, then we need to know who sold it.

__________________
"There he goes. One of God's own prototypes. A high-powered mutant of some kind never even considered for mass production. Too weird to live, and too rare to die." -Hunter S. Thompson

paymeback

heres a bump

__________________
ICQ:36-43-49-11

the indigo

We found the solution. I think NATS should give more details regarding this recommendation so people don't get stuck outside of their member area if their IP changes.

__________________
"There he goes. One of God's own prototypes. A high-powered mutant of some kind never even considered for mass production. Too weird to live, and too rare to die." -Hunter S. Thompson

JDog

I have to agree with ShotGun and ladida, that everything is hackable and everything will have it's day that it was hacked. Not just adult companies, but mainstream too. How many exploits have there been for Linux & Windows? How many times have personal information been lost by credit card companies? Everything is hackable and everything will be hacked once. There's no stopping it, the only thing that you can do is get a hold of the company providing the software and have them patch it ASAP. Now if John did have prior knowledge of this prior to today, which it seems, he should have contacted every client running that version of that software that was affected. Let them know what needs to be done and supply a patch, or let them know what to change (ssh passwords, etc, etc).

Now as for this comment. I feel that if John knew it, HE doesn't need to make a public statement, but he does in fact need to let their clients, EVERY SINGLE CLIENT, know that one one of their servers has been compromised. But only if their server contains data about a clients machine (server ip, ssh port, ssh user, ssh pass, etc, etc). But at the same time, it'd be public because a client would post on GFY or one of the other boards. This also brings up the fact that any machine visible on the web should have a software firewall on their machine, iptables is fine. Block every port except those needed by web server (port 80, 443 and any others). Then only allow say for SSH the IP addy's needed for the certain people.

It might be a pain in the ass, but that's the best way to keep somebody out, even if they have your information, atleast they can't FTP or SSH into your box.

__________________
NSCash now powering ReelProfits.com
ALSO FEATURING: NSCash.com :: SoloDollars.com :: ReelProfits.com :: BiminiBucks.com :: VOD
PROGRAMS COMING SOON: Greedy Bucks :: Vengeance Cash
NOW OFFERING OVER 60 SITES
CONTACT :: JAMES SMITH :: CHIEF TECHNOLOGY OFFICER :: ICQ (711385133)

JDog

Not really. I don't think NATS stores CC data in their DB. I don't know of any affiliate program that does, the only ones that should would be the ones that have their own processing. Meaning they are doing the processing themselves. Not using a processor like Epoch/CCBill.

__________________
NSCash now powering ReelProfits.com
ALSO FEATURING: NSCash.com :: SoloDollars.com :: ReelProfits.com :: BiminiBucks.com :: VOD
PROGRAMS COMING SOON: Greedy Bucks :: Vengeance Cash
NOW OFFERING OVER 60 SITES
CONTACT :: JAMES SMITH :: CHIEF TECHNOLOGY OFFICER :: ICQ (711385133)

crockett

Seems to me when looking at both of these together it appears there is a smoking gun here. I don't have access to that forum or know where it's at. Spacedog can you tell us what that post is in context too?

For all we know he could be talking about a cheerleader squad. I realise it's likely not that, so what was his post a response too?

will76

You can always follow the money trail. They have to be spamming a program with the emails. They had to provide a way for that program to pay them.

There is also the possibility that someone could have been trying to harvest data. Imagine if one program got to see who all of your top affiliates were, how much they make, a way to contact them, and what sites they used to send you sales. I think that kind of information would be 100x more valuable to the right people then a bunch of member's emails.

__________________
ICQ: 86364801 Email: will [at] innovativeassets [dot] com

baddog

From what I have been told, that is a very good idea.

baddog

Yes, because you are a whale.

Drake

Affiliate data + members emails = huge value

Brad Mitchell

And to think I almost went to bed without checking email and GFY.

OMFG, speechless.

For any of you that are MojoHost customers Corey and I will be assessing the entirity of the situation tomorrow and in contact with all NATS customers that we host personally by every means available to us. We are committed to being as helpful as possible regarding this situation. Please do not hesitate to contact me on my cellular phone any time of day or night with any questions or concerns.

Brad

__________________
President at MojoHost | brad at mojohost dot com | Skype MojoHostBrad
71 industry awards for hosting and professional excellence since 1999

WiredGuy

Great thing to do Brad ;)
WG

__________________
I play with Google.

Mutt

LOL @ the dumbasses who think Fred from TMM is the culprit

__________________

milan

Brad,

Hit me up tomorrow on ICQ or email I have the full details on this and I think us leading hosting providers to this industry should share to protect our customers. (mike-webair this goes out to you to)

I might just go public with the info we have as well since at this point it's out, I still have respect for the idea that security issues should be secret until their fixed. Even tho TMM hasn't fixed their issue 4 months later.

__________________
QuadraNET - ICQ:2222 15312 - milan [nosp@m] QuadraNET.com
24/7 "REALLY ON-SITE" Support - Completely Premium Network
Public & Private Network, Remote Reboot, Private VLANs
99.99% Guaranteed Network Uptime / BGP4 Multihomed
24/7 LIVE CHAT, Phone and Ticket Support
1-888-5-QUADRA

Brad Mitchell

Email sent, thank you Milan. I believe that our clients and community at large would all be well served to put our heads together on this.



Brad

__________________
President at MojoHost | brad at mojohost dot com | Skype MojoHostBrad
71 industry awards for hosting and professional excellence since 1999

milan

I just sent you the info we have on the problem, how long we are aware of it and steps we tool to track and protect our clients, Let me know your thoughts about releasing this to the community.

__________________
QuadraNET - ICQ:2222 15312 - milan [nosp@m] QuadraNET.com
24/7 "REALLY ON-SITE" Support - Completely Premium Network
Public & Private Network, Remote Reboot, Private VLANs
99.99% Guaranteed Network Uptime / BGP4 Multihomed
24/7 LIVE CHAT, Phone and Ticket Support
1-888-5-QUADRA