3xTom

LOL wow
I cant believe you just said that....

Trixxxia

ladida - I understand your points and as it stands with the NATS issue, my least concern is the emails right now. Don't bash me for it, but I think there's a SHITLOAD more to be worried about right now than emails.

As for the Topbucks issue - I have reasons for wanting him to contact them so they can log it even if we're a few months behind.

Ray@TastyDollars

I guess we are all working through the holidays

__________________

ladida

Wasn't bashing you, wasn't my intention, just informing you, and other in the thread that are all so alerted and worried now.

And it gets even funnier with John's suicidal PR heh.

__________________
agentGFY *at* gmail.com

Ycaza

OK i forgot one thing. In my last thread on this from a few months ago (http://www.gfy.com/fucking-around-and-business-discussion/779742-oc3-networks-customers-urgent.html) I urged OC3 customers to call me directly, but If any of you running NATS are bamboozled on how to fix this please just email our support [email protected] and we'll be happy to help you. I am not here to say anything about the developer, I am just offering to help fix the issue. Same as I was before.

__________________
Caz Thrush
Head Honcho
[email protected]
http://thrushtech.com
ICQ: 304883574
do people still icq?

HS-Trixxxia

ladida - no I didn't take it as a bash just was saying that since mailing is the last thing that's concerning me right now ;)

__________________

~~♥~~♥~~♥~~♥~~♥~~♥~~♥~~♥~~
Patrizia
COO - ♥ MassiveDollars
Email: patrizia at MassiveDollars dot com
ICQ: 465.826.441 Yahoo: trixxxia_me MSN: trixxxia at hotmail dot com

Forest

burying their heads in the sand

Oracle Porn

wow this is one hell of a thread....all I can say is wow....

the whole industry is crooked....i better get a bigger piece of the pie quick before those sharks eat it all.

__________________

JOKER

Just some friendly advice...

You might really think about this twice before you let your ego get into the way - as this REALLY is the LAST thread where this is to be used / needed in.

You do realize how many programs are affected and just about HOW many affiliates sensitive data, not even hinting at all the Members data.

So will you please reconsider and show some support here, oh and also, please FIX THIS MESS.

Considering that I, amongst others will have to deal with my stolen Identity and Data now, and change a lot of info because of it, you might probably imagine, that I will NOT enter any new data into ANY NATS install anymore before this is not 110% fixed and secured.

Maybe you can get a little sense of actually how "happy" I am about all this.
And I'm just an affiliate (of many).

I'm sure you'll do the right thing, John - this time.

Thanx,
Steve

__________________
Facilitation - BizDev - Traffic - Consulting - Marketing
Skype: jokerempire | Silent Circle: joker

Forest

OC3 goes above and beyond for their clients

J B

Two questions....

1. Was the same admin account metinioned in this thread valid for all/most NATS installs?

2. Was there a way for a NATS program owner (or employee) to get the password of this admin account?

If the answer to both questions is yes, there was no need for any exploit or hacking.

---

BTW you probably wouldn't believe how many affiliate programs have serious security holes. It has happened so many times in the last years that we got access to admin data while analyzing the affiliate stats of an affiliate program in order to add it to StatsRemote.

Just a few weeks ago we had a case with a big program (non adult). While querying the referral stats we made a mistake and sent the wrong parameters. The result was a page with a list of more than 1000 affiliates including all their info and total earnings of the last years.

Most of the times companies fix it right away after we let them know but we also had cases when they just didn't seem to care

__________________

JOKER

I don't really know what to believe here...

http://www.gfy.com/fucking-around-and-business-discussion/671565-running-nats-block-ip-active-hacker.html looks very much like a hack to me, which is especially targeting NATS installs / DB's

And from the feedback that RazorSharpe wrote, that banning the account in question did not help also suggests a backdoor, or some kind of undetermined access to add / restore logins.

The worst that can be done here is to cover this up, or try to shut helpful people up with threatening with lawyers etc.

Yes, it doesn't look good on NATS, but I'd rather see this fixed with support of ALL sides, as GFY does have some pretty bright / talented people on board and in the End to have the TRUST in NATS be restored / re-established than all of this being covered up / taken lightly.

__________________
Facilitation - BizDev - Traffic - Consulting - Marketing
Skype: jokerempire | Silent Circle: joker

Paul Markham

Been reading this on and off during the day and what comes through is the fact that NATS were alerted by threads on the boards. They did not take the necessary action then and it seems a drama thread got the right response. So John consider that before you flame people.

Also GFY is not the centre of the Adult Internet, there are many big programs and sites with NATS who do not post or follow the boards, especially GFY.

So has this been spread around other boards? You ask why, well the answer is simple. Has anyone told NATS about the problem earlier by submitting a ticket to them and what was the response?

If the answer is YES, then NATS should consider getting their lawyers working on this.

__________________



Blowout deal. 880 videos, 2,400 image sets, plus many RAW videos. $500.
PM me for a deal. Skype Paulmarkham70

spacedog

These ips keep getting posted that are from The Planet, so does this mean the person doing it is using a proxy that's hosted @ The Planet, or has their program on a server there?

Probably already being done, but perhaps The Planet would assist in tracking down whoever/whatever is doing it. Seeing the amount of logins, etc, then makes sense that a bot/program of some sort is doing it, so that program/bot needs to be found.

JOKER

probably just one comprimised server of many, if the guy is any smart the trail won't end just there...

But yeah, it would be a step into the right direction to actually find the guy.

__________________
Facilitation - BizDev - Traffic - Consulting - Marketing
Skype: jokerempire | Silent Circle: joker

Nysus

I think the issue is that this was brought up many months ago on different boards, and not actually dealt with, nor were customers told to check as a precaution. That's bad.

__________________
What name is pr0 / Untouched Markets using these days? Untouched Markets - pr0 - Refund My Money Now

Someone owes me $2,000 because they didn't do any work that was paid for *pointing at pr0 / William / UntouchedMarkets*

See http://www.gfy.com/fucking-around-and-business-discussion/948258-untouchedmarkets-pr0-refund-money-post16744521.html and for more detailed see http://www.gfy.com/fucking-around-and-business-discussion/948645-re-recent-bullshit-drama-explained-detail-pr0-untouched-markets.html

RP Fade

wow this is still going. hope some issues got resolved for those affected.

__________________
HomemadeCash.com - Homemade & GF sites powered by NScash.com
HomemadeVideoPass.com - The only all homemade mega site
OurHomemadePorno.com - Real couples fucking on camera
Contact ICQ: 400-786-531 Email: fade AT nscash.com

TheDoc

You people are blaming the wrong Company... NATS has a protection system built in, straight in the admin - config section.

This isn't a NATS exploit - it's an exploit on programs that didn't use the NATS features to protect itself properly.

Every program, db, software, script.. all of it is hackable and with 100's of people using NATS it's going to be VERY targeted. Don't blame NATS, blame the damn programs - it's their fault for not using the protection and got exploited.

__________________

3xTom

I banned the user yesterday
still logging in today


67.19.188.250 - 2007-12-22 10:26:30
67.19.188.250 - 2007-12-22 04:26:27
67.19.188.250 - 2007-12-21 22:26:38
67.19.188.250 - 2007-12-21 18:56:46
67.84.12.95 - 2007-12-21 18:32:27
67.84.12.95 - 2007-12-21 18:32:06
67.19.188.250 - 2007-12-21 16:26:34
67.19.188.250 - 2007-12-21 10:26:44
67.19.188.250 - 2007-12-21 04:26:28
67.19.188.250 - 2007-12-20 22:26:39
67.19.188.250 - 2007-12-20 19:01:25
67.19.188.250 - 2007-12-20 16:26:36
67.84.12.95 - 2007-12-20 12:49:39
67.84.12.95 - 2007-12-20 11:45:32
67.19.188.250 - 2007-12-20 10:26:32
67.19.188.250 - 2007-12-20 04:26:29
67.19.188.250 - 2007-12-19 22:26:39
67.19.188.250 - 2007-12-19 19:02:09
67.19.188.250 - 2007-12-19 16:27:00
67.19.188.250 - 2007-12-19 10:26:57
67.19.188.250 - 2007-12-19 04:26:53
67.19.188.250 - 2007-12-18 22:27:03
67.19.188.250 - 2007-12-18 18:27:13
67.19.188.250 - 2007-12-18 16:27:05
67.19.188.250 - 2007-12-18 10:27:02
69.94.70.187 - 2007-12-18 04:26:58
65.110.53.100 - 2007-12-17 18:25:48
65.110.53.100 - 2007-12-17 16:27:06
65.110.53.100 - 2007-12-17 10:27:02
65.110.53.100 - 2007-12-17 04:26:59
65.110.53.100 - 2007-12-16 18:25:57
65.110.53.100 - 2007-12-16 16:27:04
65.110.53.100 - 2007-12-16 10:27:00
65.110.53.100 - 2007-12-16 04:27:13
65.110.53.100 - 2007-12-15 22:27:09
65.110.53.100 - 2007-12-15 18:26:00
65.110.53.100 - 2007-12-15 16:22:25
65.110.53.100 - 2007-12-15 10:22:21
65.110.53.100 - 2007-12-15 04:22:17
65.110.53.100 - 2007-12-15 02:19:28
67.84.12.95 - 2007-12-14 17:51:59
67.84.12.95 - 2007-12-14 17:47:03
0.0.0.0 - 2007-12-14 04:26:58
0.0.0.0 - 2007-12-13 22:27:09
0.0.0.0 - 2007-12-13 18:26:36
0.0.0.0 - 2007-12-13 16:27:05
0.0.0.0 - 2007-12-13 10:27:02
0.0.0.0 - 2007-12-13 04:26:58
0.0.0.0 - 2007-12-12 22:27:08
0.0.0.0 - 2007-12-12 18:27:06
0.0.0.0 - 2007-12-12 16:27:05
0.0.0.0 - 2007-12-12 10:27:02
0.0.0.0 - 2007-12-12 04:26:58
0.0.0.0 - 2007-12-11 22:27:08
0.0.0.0 - 2007-12-11 18:24:03
0.0.0.0 - 2007-12-11 16:27:05
0.0.0.0 - 2007-12-11 10:27:01
0.0.0.0 - 2007-12-11 04:27:01
0.0.0.0 - 2007-12-10 22:27:20
67.84.12.95 - 2007-12-10 18:33:54
0.0.0.0 - 2007-12-10 18:25:04
0.0.0.0 - 2007-12-10 16:27:01
67.84.12.95 - 2007-12-10 14:51:06
67.84.12.95 - 2007-12-10 14:45:45
67.84.12.95 - 2007-12-10 14:38:23
0.0.0.0 - 2007-12-10 10:27:00
0.0.0.0 - 2007-12-10 04:26:53
0.0.0.0 - 2007-12-09 22:27:01
0.0.0.0 - 2007-12-09 18:25:20
0.0.0.0 - 2007-12-09 16:27:12
67.84.12.95 - 2007-12-09 16:12:43
0.0.0.0 - 2007-12-09 10:26:58
0.0.0.0 - 2007-12-09 04:27:19
0.0.0.0 - 2007-12-08 22:27:27
0.0.0.0 - 2007-12-08 18:24:37
0.0.0.0 - 2007-12-08 16:27:37
0.0.0.0 - 2007-12-08 10:27:30
0.0.0.0 - 2007-12-08 04:27:32
0.0.0.0 - 2007-12-07 22:27:27
0.0.0.0 - 2007-12-07 18:23:38
0.0.0.0 - 2007-12-07 16:27:41
67.84.12.95 - 2007-12-07 14:07:32
67.84.12.95 - 2007-12-07 13:28:26
0.0.0.0 - 2007-12-07 10:27:28
67.84.12.95 - 2007-12-07 09:26:17
0.0.0.0 - 2007-12-07 04:27:27
0.0.0.0 - 2007-12-06 22:27:44
0.0.0.0 - 2007-12-06 18:21:23
0.0.0.0 - 2007-12-06 16:27:30
0.0.0.0 - 2007-12-06 10:27:34
0.0.0.0 - 2007-12-06 04:27:25
0.0.0.0 - 2007-12-05 22:27:45
0.0.0.0 - 2007-12-05 18:24:34
0.0.0.0 - 2007-12-05 16:27:46
0.0.0.0 - 2007-12-05 10:27:52
0.0.0.0 - 2007-12-05 04:27:36
0.0.0.0 - 2007-12-04 22:27:40
0.0.0.0 - 2007-12-04 18:26:32
0.0.0.0 - 2007-12-04 16:27:28
0.0.0.0 - 2007-12-04 10:27:25
0.0.0.0 - 2007-12-04 04:27:19
0.0.0.0 - 2007-12-03 22:27:22
0.0.0.0 - 2007-12-03 18:24:05
0.0.0.0 - 2007-12-03 16:27:27
0.0.0.0 - 2007-12-03 10:27:27
0.0.0.0 - 2007-12-03 04:27:19
0.0.0.0 - 2007-12-02 22:27:32
0.0.0.0 - 2007-12-02 18:29:20
0.0.0.0 - 2007-12-02 16:27:25
0.0.0.0 - 2007-12-02 10:27:25
0.0.0.0 - 2007-12-02 04:27:16
0.0.0.0 - 2007-12-01 22:27:29
0.0.0.0 - 2007-12-01 18:25:23
0.0.0.0 - 2007-12-01 16:27:34
0.0.0.0 - 2007-12-01 10:27:36
0.0.0.0 - 2007-12-01 04:27:27
0.0.0.0 - 2007-11-30 22:27:36
0.0.0.0 - 2007-11-30 18:22:11
0.0.0.0 - 2007-11-30 16:27:35
0.0.0.0 - 2007-11-30 10:27:31
0.0.0.0 - 2007-11-30 04:27:30
0.0.0.0 - 2007-11-29 22:27:33
0.0.0.0 - 2007-11-29 18:21:12
0.0.0.0 - 2007-11-29 16:46:29
0.0.0.0 - 2007-11-28 18:20:21
0.0.0.0 - 2007-11-27 18:19:36
0.0.0.0 - 2007-11-26 20:31:03
0.0.0.0 - 2007-11-26 18:19:43
0.0.0.0 - 2007-11-25 18:24:23
0.0.0.0 - 2007-11-25 16:27:32
0.0.0.0 - 2007-11-25 10:27:31
0.0.0.0 - 2007-11-25 04:27:29
0.0.0.0 - 2007-11-24 22:27:31
0.0.0.0 - 2007-11-24 18:23:20
0.0.0.0 - 2007-11-24 16:27:32
0.0.0.0 - 2007-11-24 10:27:48
0.0.0.0 - 2007-11-24 04:27:47
0.0.0.0 - 2007-11-23 22:27:40
0.0.0.0 - 2007-11-23 18:21:11
0.0.0.0 - 2007-11-23 16:27:38
0.0.0.0 - 2007-11-23 10:27:33
0.0.0.0 - 2007-11-22 18:21:38
0.0.0.0 - 2007-11-22 18:10:34
0.0.0.0 - 2007-11-22 05:12:32
0.0.0.0 - 2007-11-21 23:12:42
0.0.0.0 - 2007-11-21 18:59:17
0.0.0.0 - 2007-11-21 18:22:03
0.0.0.0 - 2007-11-20 18:21:07
0.0.0.0 - 2007-11-19 22:40:38
0.0.0.0 - 2007-11-19 18:21:15
0.0.0.0 - 2007-11-18 18:16:07
0.0.0.0 - 2007-11-17 18:14:50
0.0.0.0 - 2007-11-17 14:06:53
0.0.0.0 - 2007-11-17 09:56:00
0.0.0.0 - 2007-11-16 18:15:12
0.0.0.0 - 2007-11-15 18:16:50
0.0.0.0 - 2007-11-15 09:56:16
0.0.0.0 - 2007-11-15 08:15:08
0.0.0.0 - 2007-11-14 18:18:05
0.0.0.0 - 2007-11-13 18:17:59
0.0.0.0 - 2007-11-13 16:17:26
0.0.0.0 - 2007-11-12 18:20:17
0.0.0.0 - 2007-11-12 16:00:30
0.0.0.0 - 2007-11-12 09:21:28
0.0.0.0 - 2007-11-12 07:04:37
67.84.12.95 - 2007-10-30 11:38:41
67.84.12.95 - 2007-10-30 10:43:03
67.84.12.95 - 2007-10-29 19:43:57
67.84.12.95 - 2007-10-29 18:59:22
67.84.12.95 - 2007-10-26 19:45:01
66.118.176.86 - 2007-10-26 18:51:22
0.0.0.0 - 2007-10-26 16:28:16
66.118.176.86 - 2007-10-26 10:32:06
66.118.176.86 - 2007-10-26 04:28:06
66.118.176.86 - 2007-10-25 18:22:52
66.118.176.86 - 2007-10-25 16:28:37
66.118.176.86 - 2007-10-25 10:35:50
66.118.176.86 - 2007-10-25 04:28:31
66.118.176.86 - 2007-10-24 22:28:36
66.118.176.86 - 2007-10-24 18:21:52
66.118.176.86 - 2007-10-24 16:28:26
66.118.176.86 - 2007-10-24 10:28:25
66.118.176.86 - 2007-10-24 04:30:24
66.118.176.86 - 2007-10-23 22:28:27
66.118.176.86 - 2007-10-23 18:20:56
66.118.176.86 - 2007-10-23 16:28:02
66.118.176.86 - 2007-10-23 10:28:03
66.118.176.86 - 2007-10-23 04:29:26
66.118.176.86 - 2007-10-22 22:28:09
66.118.176.86 - 2007-10-22 18:33:29
66.118.176.86 - 2007-10-22 16:28:25
66.118.176.86 - 2007-10-22 10:28:20
66.118.176.86 - 2007-10-22 04:29:35
66.118.176.86 - 2007-10-21 22:28:21
66.118.176.86 - 2007-10-21 18:25:00
66.118.176.86 - 2007-10-21 16:28:36
66.118.176.86 - 2007-10-21 10:28:18
66.118.176.86 - 2007-10-21 04:30:06
66.118.176.86 - 2007-10-20 22:28:21
66.118.176.86 - 2007-10-20 18:21:06
66.118.176.86 - 2007-10-20 16:28:06
66.118.176.86 - 2007-10-20 10:28:03
66.118.176.86 - 2007-10-20 04:30:31
66.118.176.86 - 2007-10-19 22:28:11
66.118.176.86 - 2007-10-19 18:25:30
66.118.176.86 - 2007-10-19 16:28:27
66.118.176.86 - 2007-10-19 10:28:18
66.118.176.86 - 2007-10-19 04:30:02
66.118.176.86 - 2007-10-18 22:28:32
66.118.176.86 - 2007-10-18 18:22:41
66.118.176.86 - 2007-10-18 16:28:31
66.118.176.86 - 2007-10-18 10:28:27
66.118.176.86 - 2007-10-18 04:30:03
66.118.176.86 - 2007-10-17 22:28:33
66.118.176.86 - 2007-10-17 18:22:25
66.118.176.86 - 2007-10-17 16:28:33
66.118.176.86 - 2007-10-17 10:28:28
66.118.176.86 - 2007-10-17 04:29:45
66.118.176.86 - 2007-10-16 22:28:37
66.118.176.86 - 2007-10-16 18:22:26
66.118.176.86 - 2007-10-16 16:28:15
67.84.12.95 - 2007-10-16 10:39:01
66.118.176.86 - 2007-10-16 10:28:11
66.118.176.86 - 2007-10-16 04:29:42
66.118.176.86 - 2007-10-15 22:28:16
66.118.176.86 - 2007-10-15 18:23:09
67.84.12.95 - 2007-10-15 17:26:10
66.118.176.86 - 2007-10-15 16:28:31
66.118.176.86 - 2007-10-15 10:28:32
66.118.176.86 - 2007-10-14 22:28:38
66.118.176.86 - 2007-10-14 18:19:59
66.118.176.86 - 2007-10-14 16:28:35
66.118.176.86 - 2007-10-14 10:28:30
66.118.176.86 - 2007-10-14 04:30:03
66.118.176.86 - 2007-10-13 22:28:36
66.118.176.86 - 2007-10-13 19:26:43
66.118.176.86 - 2007-10-13 18:27:33
66.118.176.86 - 2007-10-13 16:28:23
66.118.176.86 - 2007-10-13 10:28:20
66.118.176.86 - 2007-10-13 04:29:49
66.118.176.86 - 2007-10-12 22:28:34
66.118.176.86 - 2007-10-12 18:27:16
66.118.176.86 - 2007-10-12 16:28:19
66.118.176.86 - 2007-10-12 10:28:13
66.118.176.86 - 2007-10-12 04:29:41
66.118.176.86 - 2007-10-11 22:28:25
66.118.176.86 - 2007-10-11 18:15:20
66.118.176.86 - 2007-10-11 16:28:17
66.118.176.86 - 2007-10-11 10:28:18
66.118.176.86 - 2007-10-11 04:28:55
66.118.176.86 - 2007-10-10 22:28:25
66.118.176.86 - 2007-10-10 18:15:06
66.118.176.86 - 2007-10-10 16:28:26
67.84.12.95 - 2007-10-10 16:09:28
82.199.118.23 - 2007-10-10 15:03:32

Gordon G

Wow what a complete asshole you are, i was considering using NATS for my new program, no way in hell i will be now with someone like you running th company.

Dollarmansteve

GFY troll lynch mob strikes agan.

Guess what - no one cares.

Move on to your next target.

__________________
I died.

TheDoc

If you had this problem you need to... Change EVERY admin password, flip the TMM account to not have admin access, then IP lock your system down.

The guy had access to everything, changing the TMM password will not correct this.

__________________

ztik

Glad I don't use that shitty software.

Sucks for all of you program owners getting fucked by this asshole

__________________
.

milan

I just posted by popular request what we know about this issue

http://www.gfy.com/fucking-around-and-business-discussion/794159-nats-issue.html

__________________
QuadraNET - ICQ:2222 15312 - milan [nosp@m] QuadraNET.com
24/7 "REALLY ON-SITE" Support - Completely Premium Network
Public & Private Network, Remote Reboot, Private VLANs
99.99% Guaranteed Network Uptime / BGP4 Multihomed
24/7 LIVE CHAT, Phone and Ticket Support
1-888-5-QUADRA

JDog

If a program get's hacked, it is the program owners responsibility to notify anybody that has had the slightest possibility that their data was stolen. Doesn't matter if it's because of NATS or not. There are laws in the US & from what this thread said the UK too, where you're suppose to contact anybody and everyone that had the possibility of their data being stolen.

Any data gets stolen, a company should make a statement. I know I would want to know, atleast then I could change my password to my affiliate account.

__________________
NSCash now powering ReelProfits.com
ALSO FEATURING: NSCash.com :: SoloDollars.com :: ReelProfits.com :: BiminiBucks.com :: VOD
PROGRAMS COMING SOON: Greedy Bucks :: Vengeance Cash
NOW OFFERING OVER 60 SITES
CONTACT :: JAMES SMITH :: CHIEF TECHNOLOGY OFFICER :: ICQ (711385133)

Gordon G

Fuckhead.

3xTom

I sincerely wish to thank you guys
for this critical information...

Thanks
Tom

ThePornBrain

and here's my input, not accusing anyone, just something to look into for all NATS users:

splitfinity posted this in 2006:

http://www.gfy.com/11184768-post26.html

on gfy theres user "k0nr4d" http://www.gfy.com/members/k0nr4d/ with the signature

baddog

I would not be too quick to accuse people of being a lynch mob. I have information from respected sources (that have not said jack in this thread) that this is just the tip of the iceberg.

Snake Doctor

You could still limit it by IP range. I'm sure your ISP has a limited range they assign to you when you log on, and it's doubtful that the hackers are using the same ISP as you.

I'm not saying that should relieve TMM of their responsibility to you, just saying that if you want your data secure in the meantime that's one way to do it.

__________________
sig too big

TheDoc

Konrad, has worked for me for several years. He is a php coder / webmaster.

The other post is an older exploit, which came through apache but did target nats clients (not just nats machines). It would skim international traffic, spam of course, and was the cause of unstoppable username / password leaks.

I like several others had this exploit. It was way advanced, well past Mine and Konrads skills. If he created that and does php nats plugins for me I'm going to be rather pissed.

__________________

stevo

If you ban a user, isn't their username and password still active? But instead of getting access to the affiliate program they instead just get a page that states they were banned.

That's probably why you guys are still able to track his IP address entering the system.

I simply just deleted the account.

k0nr4d

All I have to say on that topic is LOL.

__________________
Mechanical Bunny Media
Mechbunny Tube Script | Mechbunny Webcam Aggregator Script | Custom Web Development

RazorSharpe

get a grip .... not informing clients IS solely the fault of TMM no matter how you want to spin this coz John is your friend.

__________________
Programming today is a race between software engineers striving to build bigger and better idiot-proof programs, and the Universe trying to produce bigger and better idiots. So far, the Universe is winning.

k0nr4d

Just in case anyone is wondering, the other exploit did come in via apache and it was some script, basically a php console for a server that would execute whatever commands you wanted using exec...

It was called something like ratpack or some shit

__________________
Mechanical Bunny Media
Mechbunny Tube Script | Mechbunny Webcam Aggregator Script | Custom Web Development

notoldschool

shit reminds me of the idiots that blame windows because it is the most widely used OS so more people try to find exploits. I have only found more reliable data and better conversions with Nats than other companies that have shit made specifically for cheating their affiliates.

__________________
No doubt one may quote history to support any cause, as the devil quotes scripture.
-- Learned Hand

http://www.bjpenn.com

Doctor Dre

He's not flaming people, he's left the building once again... GFY could have been an userfull tool for him but he chooses to ignore it once again

__________________

Dirty D

How about this for a fact.
Yesterday, when I saw this thread and realized we have also been compromised.... I immediately opened a trouble ticket related to this issue.
It has been over 20 hours with no response to my ticket.

I would think this should be treated as the highest priority over at TMM.
This is very serious and something that ONLY TMM can resolve.
Please have one of your techs respond.

__________________

Dirty D - ICQ #1326843 - $1 Million Dollars of Bonus Money - 8,000+ FHG!
Glory Hole Girlz - Crack Whore Confessions - Tampa Bukkake - Slut Wife Training - Fuck a Fan
Electricity Play - Porn Video Drive - Theater Sluts - Skunk Riley - Ukraine Amateurs - Strapon Sessions

ladida

Hmm.. So how many of these have you seen in (let's be generous here), last 6 months?

I know from the top of my head 30 programs in that time having their data leaked, none made any statements, nor do i expect them.

__________________
agentGFY *at* gmail.com

milan

read this, it should help you solve the problem...

http://www.gfy.com/fucking-around-and-business-discussion/794159-nats-issue.html

__________________
QuadraNET - ICQ:2222 15312 - milan [nosp@m] QuadraNET.com
24/7 "REALLY ON-SITE" Support - Completely Premium Network
Public & Private Network, Remote Reboot, Private VLANs
99.99% Guaranteed Network Uptime / BGP4 Multihomed
24/7 LIVE CHAT, Phone and Ticket Support
1-888-5-QUADRA

RazorSharpe

crikey! you're still floating about acting important?

__________________
Programming today is a race between software engineers striving to build bigger and better idiot-proof programs, and the Universe trying to produce bigger and better idiots. So far, the Universe is winning.

ladida

I thought you went back to playing in your little sandbox? Unlike you, i'm giving facts. Anyway, just another troll to add to ignore.

__________________
agentGFY *at* gmail.com

TheDoc

John is a business client - I use NATS. I have never hung out with John, we haven't bought each other drinks, we don't know anything about each others family's, and we don't talk about anything other than Business.

And you are wrong.. NATS DID INFORM clients. They have been telling clients about the IP ADMIN feature for a long time. And after every ticket they tell you to change FTP/SSH passwords and anything else they had access too. The program owner has total control over all admin accounts, who can and when they can access. This info is in the KB, it's talked about during the Setup, and is the first thing you see in the Config Admin.

We know TMM had a security issue of some sort. However if the Program used the basic 101 security features that comes with all NATS installs then they wouldn't have had the problem to begin with.

So yeah, I know TMM screwed up - but they aren't the only ones to blame.

__________________

RazorSharpe

facts? troll? you're bloody delusional. you've given no facts what-so-fucking-ever and the only troll here is you. You're blaming nats users for an issue that nats developers knew about several months ago and never notified said users about. i think you need a little time in the "sandbox" ...

__________________
Programming today is a race between software engineers striving to build bigger and better idiot-proof programs, and the Universe trying to produce bigger and better idiots. So far, the Universe is winning.

RazorSharpe

I NEVER got told to about the possibility of someone using the nats admin login to access my nats installation. I do change my ssh/ftp login. This was not a breach by ssh/ftp, this was a breach by someone using the nats login that I was told would be "appreciated to be left". So if you got different info from just about every NATS program then you're a lucky guy ....

__________________
Programming today is a race between software engineers striving to build bigger and better idiot-proof programs, and the Universe trying to produce bigger and better idiots. So far, the Universe is winning.

baddog

So, how many people's holiday weekend has been effected by this latest revelation?

TheDoc

You ALWAYS have to assume someone could access your admin areas. If people can brute force a paysite what would make anyone think you can't brute force affiliate logins?

I know it didn't happen through ssh/ftp, they tell you to change it and any other passwords they had access to.

Of course NATS now is going to have to crack down and force all clients to lock down the systems, and prob enforce some other changes/rules too. But no matter what, if I give a program my details - it's the programs responsibility to make sure it's safe and secure.

__________________

ladida

Yea, then wait and see people coming here annoyed that this is like this or that, or they can't do this or that. People in this business lack the understanding of security soooo much, and value it even less.

__________________
agentGFY *at* gmail.com

RazorSharpe

I am no false impressions about software but I do expect that when I am pay to buy a software such as NATS and the developers of the software are aware of an issue that they will make it a priority to investigate the issue and make their clients aware of it and what they intend to do about it. I'm sure you can understand how i don't feel like this is too much to ask for.

This vulnerability specificaly targetted the NATS staff admin account and no others as far as i can tell which leads me to assume that it wasn't a brute force attack and if it were it was done because the nats staff account used the same username across multiple nats installations which is a total no-no in security 101 in and of itself.

...

__________________
Programming today is a race between software engineers striving to build bigger and better idiot-proof programs, and the Universe trying to produce bigger and better idiots. So far, the Universe is winning.

Mark_E4A

WOW am I ever glad I had the balls and got ride of nats long ago

CCBILL is the way to go

__________________
icq - 205700725
email - marke4a at gmail com
phone - 416-809-4393