Originally Posted by BoyAlley

Originally Posted by milan

Not everyone are angry little man and in seek of drama...

We respect first and foremost OUR customers, I have no problem with that do you?

Originally Posted by BoyAlley

Originally Posted by V_RocKs

Nice... When it comes to security, there is no competition among hosting companies. I love that!


On a side note...

IP RESTRICTION...

But my IP address changes....

Bullshit. You make enough money to call your provider and request a PERMANENT one. But they don't provide one. What the fuck? Are you on Dialup because most Cable, DSL, Broadband providers WILL give you a permanent IP if you pay monthly for leasing. Usually $20. Consider it a cost of doing business and a tax write off.

OK... But I AM ON DIALUP! So pay an admin here to setup a proxy on a dedicated server with a NON-ADULT hosting company picked at random. Have that proxy password protected.

Case closed...

The fact that a village idiot can get into this industry if he has $100,000 in inheritance money frightens me. It frightens me because when it comes to security you are all village idiots! Every last one of you!

90% of you have hackers on your boxes because they hacked your forum, your support system, your webcam software or by some other means. You don't know because all the hacker wants is your password DB and not the Emails.

They trade those DB's like Pokemon cards. They give 1 account away to each person who asks for them on newsgroups and IRC channels. It NEVER trips your strongbox, pennywize, proxy pass, etc, because they give each requester a different account. So even if the real user and the fake one use it at the same time they fall with in the AOL threshold (5 IP's in 15 minutes).

You all think.. Impossible because those previously mentioned programs shut this kinda shit down! No... They don't... Because each request gets a different account. This isn't password boards where 15,000 people get the same account. This is the designer version where everyone gets their own unique, free account.

But bandwidth is so cheap I don't give a fuck!... I know.. But in one channel on the IRC alone you will have up to 1000 people receive a password in a day. You are pissing away $35,000 a day! Smaller programs a few thousand...

Industry wide? About $800,000,000 a year is just pissed away...

OK.. Back to your original programming where you just bury your heads in the sand.

Originally Posted by TheDoc

Sad as it is to say, this is a 10+ year problem and is probably one of the biggest reasons we have seen a down turn in our industry over the last 5ish years.

I have heard it from people straight up, and we all know it to be true to. Stolen email lists or not... If you signup for a porn site you will get spamed at some point down the road.

Originally Posted by milan

I can't answer #1 as I knew they are trying to resolve this, they did not sit on their ass... (I still think letting the customers know would be first priority)

as for #2 I will repeat that we still have respect for the idea that security issues should be secret until their fixed. and was urged by our clients that we located the issue on their server NOT to go public or something bad will happen to them, who know what bad is but lawsuit and revoke of license is what I heard... can't confirm the second one.

Originally Posted by Dirty F

Wtf? Youre so fucking fucked in your head, you should seek help you fucking imbecile. I had my chance but got quiet? Had what chance you retard boy? Oh yeah now i remember, you said i stopped posting on gfy for 3 weeks after you said you would beat me up
Man, if you read all this shit back about yourself dont you just want to shoot yourself?
Please explain to me how exactly i got quiet and scared? Fucking delusional piece of password sharing shit!

Originally Posted by ronaldo

If I understand correctly from the other thread, OC3Networks is working with, or assisting MojoHost and quite possibly others as well.

If that's true, I have to give props to a company (that I don't host with btw) for working DIRECTLY WITH their competition to help solve an issue that effects our entire industry instead of capitalizing on it for their own gains.

That deserves the utmost respect.

Originally Posted by Ycaza

woh, I am taken aback and happy to accept the apology. Thank you john, I just saw this. It is our pleasure to try and help the situation. If there is more I or we can do to help resolve this, let us know.

oh and boy alley we did, months ago. I helped not only our clients, but a bunch of nats customers called me personally for the fix. I had assumed the problem was fixed from there. We just uncovered it again, In what I am told is a slightly different form.

Originally Posted by milan

We respect first and foremost OUR customers, I have no problem with that do you? and if you saw the post we had a few months back you will see we did alerted the industry but I guess the subject of the post was not appealing enough for people to ask Q's.

Originally Posted by TheDoc

Sad as it is to say, this is a 10+ year problem and is probably one of the biggest reasons we have seen a down turn in our industry over the last 5ish years.

I have heard it from people straight up, and we all know it to be true to. Stolen email lists or not... If you signup for a porn site you will get spamed at some point down the road.

Originally Posted by PBucksJohn

You're very welcome. I made the mistake of lumping you in with some of the assholes here by assuming things others told me to be true rather than looking for myself which I something I always try to do in life. I'm sorry for that.

We also believed the issued had been fixed when it first popped up and was addressed. We also fully believed we had spoken with everyone it affected. Some people here would rather perpetuate the drama than listen to things tho

If we can be of any aid to you in helping your clients or if you have any info that we could use please know that the lines of communication are always open. I look forward to sitting down with you in Vegas also.

Originally Posted by Headless

holy shit this isnt good...

Originally Posted by milan

After many MANY emails and VM's I will post what OC3 Networks discovered back in October after routine audit of 2 of our clients security.

We know this issue exist since mid Aug 2007, secured our customers and blocked the intruder IP?s from any access to our network.

We posted the thread http://www.gfy.com/fucking-around-and-business-discussion/779742-oc3-networks-customers-urgent.html and got some lawsuit treat to sue us that we could have care less? BUT when our customers that we tracked the breach on their servers got treats as well and requested us to NOT come out public with it, we honored their request.

Just as a side info, I think NATS is a great product and it's a shame that after the months they had to fix or come clean with their clients it never happened...


Credit for this below info should go to our SUPER SYSADMIN/Security fanatic Dale that has never posted on this board so I'm doing this for him, He wanted to come out with this long ago!
=====
The issue with this "intruder" does not seem to be an exploit of the nats software itself. *Someone* has access to TMM's clients database with your admin logins and passwords. That?s what the issue is. I'm not posting this to bash TMM. I'm posting this because they have had month to fix this issue and have apparently failed. They didn't even let (some of?) their customers know they implemented this "Admin activity log" and installed it behind their backs.

I've been involved with a high number of NATS clients and have found the following to be true:
*) Changing all admin level account passwords stops the intruder. He still attempts to login, but in vain.
*) As soon as TMM has admin access to NATS the intruder is back. Sometimes the same day.
*) Intruder is using an automation script that dumps the NATS members list. In some cases he is doing this every hour on the hour.
*) If you have web logs, look for hits against "admin_reports.php?report=surfer_stats&member=#### ##". You will see a number of those hits in sequential order.
*) NATS was vulnerable to SQL injection attacks. I haven't investigated whether it still is.

I have some suggestions for people using NATS:
*) Change all your admin level passwords.
*) Do not give TMM an admin account they can use anytime they want. Change the pass when they are done.
*) Restrict access to the admin*.php files by IP. This is inconvenient, but if you can do this it will circumvent any future intrusion. There may be other files you want to do this with. You can do this with apache easily (syntax depends on your version. this is for 2.0):
<Files "admin*">
Order deny,allow
Deny from all
Allow from your.ip.addr.here
</Files>
*) Keep an eye on the ssh user you have given TMM to fix/maintain your NATS install. Change their password every time they need access and as soon as they are done. I have experience with TMM ssh-ing in and making changes to NATS software without permission.
*) Be thankful of many things I'll not get into.

Originally Posted by milan

After many MANY emails and VM's I will post what OC3 Networks discovered back in October after routine audit of 2 of our clients security.

We know this issue exist since mid Aug 2007, secured our customers and blocked the intruder IP?s from any access to our network.

We posted the thread http://www.gfy.com/fucking-around-and-business-discussion/779742-oc3-networks-customers-urgent.html and got some lawsuit treat to sue us that we could have care less? BUT when our customers that we tracked the breach on their servers got treats as well and requested us to NOT come out public with it, we honored their request.

Just as a side info, I think NATS is a great product and it's a shame that after the months they had to fix or come clean with their clients it never happened...


Credit for this below info should go to our SUPER SYSADMIN/Security fanatic Dale that has never posted on this board so I'm doing this for him, He wanted to come out with this long ago!
=====
The issue with this "intruder" does not seem to be an exploit of the nats software itself. *Someone* has access to TMM's clients database with your admin logins and passwords. That?s what the issue is. I'm not posting this to bash TMM. I'm posting this because they have had month to fix this issue and have apparently failed. They didn't even let (some of?) their customers know they implemented this "Admin activity log" and installed it behind their backs.

I've been involved with a high number of NATS clients and have found the following to be true:
*) Changing all admin level account passwords stops the intruder. He still attempts to login, but in vain.
*) As soon as TMM has admin access to NATS the intruder is back. Sometimes the same day.
*) Intruder is using an automation script that dumps the NATS members list. In some cases he is doing this every hour on the hour.
*) If you have web logs, look for hits against "admin_reports.php?report=surfer_stats&member=#### ##". You will see a number of those hits in sequential order.
*) NATS was vulnerable to SQL injection attacks. I haven't investigated whether it still is.

I have some suggestions for people using NATS:
*) Change all your admin level passwords.
*) Do not give TMM an admin account they can use anytime they want. Change the pass when they are done.
*) Restrict access to the admin*.php files by IP. This is inconvenient, but if you can do this it will circumvent any future intrusion. There may be other files you want to do this with. You can do this with apache easily (syntax depends on your version. this is for 2.0):
<Files "admin*">
Order deny,allow
Deny from all
Allow from your.ip.addr.here
</Files>
*) Keep an eye on the ssh user you have given TMM to fix/maintain your NATS install. Change their password every time they need access and as soon as they are done. I have experience with TMM ssh-ing in and making changes to NATS software without permission.
*) Be thankful of many things I'll not get into.


P.S. Im hearing that there is a backdoor that TMM can use to get into your NATS, but I havent investigated so its speculation. Only reason I even mention this is because NATS is encrypted and you dont know. Im not interested in decrypting NATS just to find out. There are other ways. I hope this isn?t true.