Originally Posted by crockett

Seems to me when looking at both of these together it appears there is a smoking gun here. I don't have access to that forum or know where it's at. Spacedog can you tell us what that post is in context too?

For all we know he could be talking about a cheerleader squad. I realise it's likely not that, so what was his post a response too?

Originally Posted by PBucksJohn

I'm sorry to hear that.

Originally Posted by rayadp05

I rebooted, deleted temp files, history, cookies and everything...still cannot view the news clip. All I see is that fucking gay ass music video from "Rick Roll". Anyone else have a different link to the news clip?

Originally Posted by quantum-x

Fred is the lead programmer of CARMA and NATS at TMM.
It's probably normal that admin accounts are under his name, it would be the most logical. I don't think you can conclude that it's Fred that's doing it, simply because that's the name on the admin account.

As if you'd leave your full name on you own hack..

Originally Posted by quantum-x

Fred is the lead programmer of CARMA and NATS at TMM.
It's probably normal that admin accounts are under his name, it would be the most logical. I don't think you can conclude that it's Fred that's doing it, simply because that's the name on the admin account.

As if you'd leave your full name on you own hack..

Originally Posted by AlienQ

Of course.

It was the lead admins account but it was not him and uhh uhh...


How Convenient!
If I knew that people were really that easy to pull one over on I would certainly be alot wealthier today.

ROFLMAO!

I mean NATS is a top notch crew it was just a glitch!

Originally Posted by TheSenator

I nominate this thread for DRAMA of the year award.

Originally Posted by kmanrox

i *may* have always been under the understanding that the processors sold off their email lists... i *may* have heard this from many webmasters that it *may* be an assumed occurence.. that's all i will say

*disclaim the above is not implying, implicating, suggesting or accusing anyone of doing anything uncuth or unlawful. the above is simply things one *may* have heard thru the 'grapevine'

Originally Posted by stevo

3- Generic admin username/password created by installer. For example, if i remember correctly:

Username: (employee/installer name)
Password: (i wont post on a public board, but also very generic)

If this employee, used the same technique on several installs, i could see a problem... This could also explain why the problem is small scale.

Originally Posted by quantum-x

Hit stats for a NATS sponser. 2006. Hmm.

This is thin, thin 'evidence' though.

Originally Posted by quantum-x

Hit stats for a NATS sponser. 2006. Hmm.

This is thin, thin 'evidence' though.

Originally Posted by Mutt

so shouldn't all NATS program owners be checking their server stats now for that IP?

Originally Posted by tdfcash3

theres no stopping this thread is there

Originally Posted by Johny Traffic

what you doing over these parts with all the yanks

Originally Posted by borked

Why? Every time they log in to the admin in response to the ticket, you'll find that IP shows up in the logs. All normal behaviour. Noting out of the ordinary in that screencap.

If you reread the thread again, I think you'll find it's other, non-TMM IPs that are the problem.

Originally Posted by Tempest

I'd say about 70% of the nats programs I sign up to (each with a very unique email address just for that program)... within about 3-5 weeks I start getting spam on that email address... Been mentioning it to some programs for a long time now but no one knows what to do about it... However... When I sgned up to topbucks as a member.. within 4 weeks I was getting spam on that unique email address.. processor Epoch... signed up to silvercash as a member.. within 4 weeks I was getting spam on that unique email address.. processor Epoch... I think the issue isn't just tied to 1 thing.

Originally Posted by borked

Why? Every time they log in to the admin in response to the ticket, you'll find that IP shows up in the logs. All normal behaviour. Noting out of the ordinary in that screencap.

If you reread the thread again, I think you'll find it's other, non-TMM IPs that are the problem.

Originally Posted by Mutt

owning a hosting company or affiliate software company would be about as stressful as it gets in this industry.

what if this isn't a hack of NATS but a new or even unknown exploit of mysql or apache - then NATS is just an innocent bystander and hosting companies are as much or more responsible?

Originally Posted by ladida

You sure yap'd alot of nonsense in that post of yours, however, i don't think anything, unlike you. I know, since i have been shown emails where program owners have been notified, or i have notified them myself, and they ignored problem, untill it is brought up in a thread like this for example (i didn't say ALL, nor did i mean you since i dont even know you). So again, think before you speak, or don't speak at all, at least don't attack the person you know nothing about.


I don't have to point you anywhere since i dont owe you anything. I trade info, and you are not on my list of clients. Those that i speak of know it's them and they won't dispute my post. If they do, it'll get even funnier. I just stated how things are, whether you chose to believe it or not, it's your business, but i'm not gona stand by when clueless people attack me for what i know.


Furthermore, there's alot of backstabbing in this thread from people that supposedly "want to help". So nats got hacked. WOOO HOOO... What do you (or other in the thread) know exactly of the time that Mansion got hacked? Strongbox? Sitedepth? AdultWebware? Or any other shit that people use?
So some are furious that they have not been notified? LOL. Get a grip. Ofcourse John is not gona make a public statement their server is compromised (if it is), or that they have a problem in the code. It'd be a suicide. Same as when any other porn company gets hacked, you don't see a public apology here that people's emails/personal info got harvested do you? No, they fix the shit and move on (or don't even fix it and blame someone else). Or when software companies fix faults in their software on your server without you even knowing that it was a live exploit through which your server got hacked?

Originally Posted by kmanrox

surely i cant the only one who may have hypothetically heard for years of the availablility of processor dbases for a hefty price?

Originally Posted by JDog

Now as for this comment. I feel that if John knew it, HE doesn't need to make a public statement, but he does in fact need to let their clients, EVERY SINGLE CLIENT, know that one one of their servers has been compromised. But only if their server contains data about a clients machine (server ip, ssh port, ssh user, ssh pass, etc, etc). But at the same time, it'd be public because a client would post on GFY or one of the other boards. This also brings up the fact that any machine visible on the web should have a software firewall on their machine, iptables is fine. Block every port except those needed by web server (port 80, 443 and any others). Then only allow say for SSH the IP addy's needed for the certain people.

It might be a pain in the ass, but that's the best way to keep somebody out, even if they have your information, atleast they can't FTP or SSH into your box.

Originally Posted by RazorSharpe

Okay, it seems banning the account makes no difference as the person is still able to login:

67.19.188.250 - 2007-12-22 09:30:32
67.19.188.250 - 2007-12-22 03:30:31
67.19.188.250 - 2007-12-22 00:23:23

I submitted a ticket to TMM yesterday telling them I could not secure the admin via IP since i run on a dynamic IP. They said they couldn't help me till tomorrow. I said it was serious and they said if I had banned the account it would be fine. Obviously not the case.

...

Originally Posted by Tempest

I'd say about 70% of the nats programs I sign up to (each with a very unique email address just for that program)... within about 3-5 weeks I start getting spam on that email address... Been mentioning it to some programs for a long time now but no one knows what to do about it... However... When I sgned up to topbucks as a member.. within 4 weeks I was getting spam on that unique email address.. processor Epoch... signed up to silvercash as a member.. within 4 weeks I was getting spam on that unique email address.. processor Epoch... I think the issue isn't just tied to 1 thing.

Originally Posted by HS-Trixxxia

Tempest - I can guarantee you, Topbucks never sent you one email. I STRONGLY suggest you send a copy of 'that' email or any email that you got with the account specifically to them to support. I will point them to this post either way.

Originally Posted by commonsense

AlienQ invented suspecting

Originally Posted by ladida

Yea, that would be the RIGHT thing to do.

But then, when a program gets hacked through other means then nats, and their whole customer base with info gets stolen, and affilate data gets stolen, would they also need to issues such a statement? Informing all of the affiliates that the data might be breached and that they should change their passwords? Hmm.. Double standards?

@RazorSharpe
Buuuhuuu, did i burst your buble of the perfect world?

Originally Posted by SiMpLe

Called Caz and threaten to sue for what - Letting people know about a serious exploit?? wtf

As the day goes on and more people keep coming to me saying "Thank You" it just keeps getting better and better. I'm at a loss for words right now.

Originally Posted by PBucksJohn

The amount of wrong information, assumptions, and completely wrong accusations here is astounding.

This will be my last post in this thread and possibly on this board. I am tired of people running around saying whatever they want and there being no repercussions for it. It is ridiculous and I'm not going to sit here and argue with them.

This fully appears to be a compromised password list. It is not an "exploit" in the software. It is not Fred spamming your members, etc. We have changed our policy so that we no longer maintain ANY passwords to ensure this does not happen via us ever in the future. We are also continuing to implement other protective measures.

Those of you who have actual valid feedback and comments I appreciate them. Anyone is welcome to contact us regarding this with their questions or concerns and we will be further communicating directly with our clients about it.

However as to dealing with the people who make their living making things up about other people, I'm done here.

Originally Posted by Quickdraw

It's very widespread and has been brought up on numerous occasions. Whenever it is brought up it gets the classic GFY response of belittling the messenger.
This is one that comes to mind, although it has come up many times before.
I use to use a unique email for every sponsor I joined, and with NATS sponsors the result was always the same, so I quit signing up to sponsors using NATS.
http://www.gfy.com/fucking-around-and-business-discussion/752142-sponsor-selling-webmaster-emails-nats-security.html

The weird relationship that John and Quickbuck have doesn't make me feel any easier about the whole situation either. Considering the Quickbuck system is all NATS, I find this quote a bit odd. Business may be business, but how can either one of these companies do business with each other?

Originally Posted by RazorSharpe

Okay, it seems banning the account makes no difference as the person is still able to login:

67.19.188.250 - 2007-12-22 09:30:32
67.19.188.250 - 2007-12-22 03:30:31
67.19.188.250 - 2007-12-22 00:23:23

I submitted a ticket to TMM yesterday telling them I could not secure the admin via IP since i run on a dynamic IP. They said they couldn't help me till tomorrow. I said it was serious and they said if I had banned the account it would be fine. Obviously not the case.

...