Welcome to the GoFuckYourself.com - Adult Webmaster Forum forums.

06-19-2010, 09:07 AM   #1
gleem
Confirmed User
Join Date: Jun 2001
Location: Sunny Land
Posts: 5,593
Sponsors! check your member email DB, you prolly are hacked.

When was the last time you (affiliate program owners) have placed a virgin email address in your member database on your server to see if your member's email list has been compromised? Bet when you do it, you will see spam on those emails in 3 to 5 days ;)

Got some serious hackers selling off members' lists fresh from hot small to huge sponsor programs DB's and the ones who buy these lists are some of the biggest affiliates in the biz.


Seed fake members in your DB and then thank me later for warning you.
__________________




Contact me: \\// E: webmaster /at/ unprofessional.com
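
The seeding test described in this post, as an added example that is not part of the original thread: each member database gets its own never-published canary address, and any third-party mail arriving at it identifies which database leaked and how many days after seeding. `SECRET`, `CANARY_DOMAIN`, `OWN_SENDER_DOMAINS` and the sample messages are assumptions constructed for illustration.

```python
import hashlib
import hmac
from datetime import date
from email import message_from_string
from email.utils import getaddresses, parseaddr, parsedate_to_datetime

# Assumptions for this sketch (none of these names come from the thread):
SECRET = b"constructed-demo-key"           # keep it off the web and DB servers
CANARY_DOMAIN = "canary.example"           # catch-all domain that only you read
OWN_SENDER_DOMAINS = {"sponsor.example"}   # your own mailers are not a leak


def make_canary(site: str, seeded_on: date) -> str:
    """Address unique to one (site, seeding date); never used anywhere else."""
    msg = f"{site}|{seeded_on.isoformat()}".encode()
    tag = hmac.new(SECRET, msg, hashlib.sha256).hexdigest()[:10]
    return f"m{tag}@{CANARY_DOMAIN}"


def build_registry(seeds):
    """Map each canary address back to the database it was planted in."""
    return {make_canary(site, day): (site, day) for site, day in seeds}


def attribute(raw_message: str, registry: dict) -> list:
    """Return one hit per canary address that this message was sent to."""
    msg = message_from_string(raw_message)
    sender = parseaddr(msg.get("From", ""))[1].lower()
    # From: is forgeable; a production filter would also require a DKIM pass.
    if sender.rpartition("@")[2] in OWN_SENDER_DOMAINS:
        return []
    try:
        received = parsedate_to_datetime(msg["Date"]).date()
    except (TypeError, ValueError):
        received = None  # no usable Date header; still report the hit
    headers = ("To", "Cc", "Delivered-To", "X-Original-To")
    values = [v for h in headers for v in msg.get_all(h, [])]
    hits, seen = [], set()
    for _, addr in getaddresses(values):
        addr = addr.lower()
        if addr in registry and addr not in seen:
            seen.add(addr)
            site, seeded_on = registry[addr]
            days = (received - seeded_on).days if received else None
            hits.append({"site": site, "canary": addr,
                         "sender": sender, "days_after_seed": days})
    return hits


# Constructed sample data: two member databases seeded on the same day.
SEEDS = [("site-a", date(2010, 6, 19)), ("site-b", date(2010, 6, 19))]
REGISTRY = build_registry(SEEDS)
CANARY_A = make_canary("site-a", date(2010, 6, 19))

SPAM = (  # constructed: third-party mail arriving at site-a's canary
    "From: Deals <promo@bulk-mailer.example>\n"
    f"To: {CANARY_A}\n"
    "Date: Tue, 22 Jun 2010 10:15:00 +0000\n"
    "Subject: Special offer\n\nbody\n"
)
OWN_NEWSLETTER = (  # constructed: the program's own mailing, expected
    "From: News <news@sponsor.example>\n"
    f"To: {CANARY_A}\n"
    "Date: Mon, 21 Jun 2010 09:00:00 +0000\n"
    "Subject: Welcome\n\nbody\n"
)

if __name__ == "__main__":
    for name, raw in (("spam", SPAM), ("own newsletter", OWN_NEWSLETTER)):
        print(name, "->", attribute(raw, REGISTRY))
```

Because each address is derived from the site name and seeding date, re-seeding after a fix yields a fresh address, so a later hit dates the leak to after the fix.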

06-19-2010, 09:09 AM   #2
bzent
Registered User
Join Date: May 2010
Posts: 90
Seconded.

Though, the less honest ones could be selling them... emails are worth a bit.

06-19-2010, 09:10 AM   #3
SmokeyTheBear
►SouthOfHeaven
Join Date: Jun 2004
Location: PlanetEarth MyBoardRank: GerbilMaster My-Penis-Size: extralarge MyWeapon: Computer
Posts: 28,609
nats or no nats ? i remember when nats got hacked by someone using their admin username and password , the hacker stole all the signup emails from each of the sponsors running nats that they compromised
__________________
hatisblack at yahoo.com

06-19-2010, 09:13 AM   #4
SmokeyTheBear
►SouthOfHeaven
Join Date: Jun 2004
Location: PlanetEarth MyBoardRank: GerbilMaster My-Penis-Size: extralarge MyWeapon: Computer
Posts: 28,609
hmm i see nats sites in sig , bad sign. NATS seemed to want nothing to do with finding/exposing/criminally charging the culprits last time. Kind of an open invitation for hackers to try the same hack, especially when they know their target isn't interested in finding them, charging them or exposing holes.
__________________
hatisblack at yahoo.com

06-19-2010, 09:14 AM   #5
gleem
Confirmed User
Join Date: Jun 2001
Location: Sunny Land
Posts: 5,593
Quote:
Originally Posted by bzent View Post
Seconded.

Though, the less honest ones could be selling them... emails are worth a bit.
Nothing wrong with selling or mailing your own members, if you don't you leave money on the table, just talking about affiliate programs having their entire members DB being stolen from them without their knowledge, new members will be spammed within 3 to 5 days by the same guys. I've talked to several program owners and they all were surprised to have their DB's compromised like this after doing the test, and in each case it was the same spammer affiliates getting their lists.

The spammer will not be shut down by program owners (tried that) because they are making huge money on basically the most valuable email list ever created in the history of porn spamming.
__________________




Contact me: \\// E: webmaster /at/ unprofessional.com

06-19-2010, 09:19 AM   #6
Serge Litehead
Confirmed User
Join Date: Dec 2002
Location: Behind the scenes
Posts: 5,190
if that's the case i would recommend seeding fake affiliate emails as well.

06-19-2010, 09:19 AM   #7
gleem
Confirmed User
Join Date: Jun 2001
Location: Sunny Land
Posts: 5,593
Quote:
Originally Posted by SmokeyTheBear View Post
nats or no nats ? i remember when nats got hacked by someone using their admin username and password , the hacker stole all the signup emails from each of the sponsors running nats that they compromised
NATS & non nats sponsors are getting their members stolen this time. From my tests they are just cracking SQL DB's logins. Definitely not just a NATS issue, although I'm not saying it's not part of it.

My theory based on tests and collecting info on this problem is there is a group that is cracking program owners DB's by any means, including php exploits, apache/sql/smarty exploits, and then straight up brute force cracking DB's and affiliate software admins if that fails. This has been going on for over a year. Once they gain access they are selling the lists to the same group of affiliates, one gets it exclusively for about a week or two, then it's sold to another affiliate who gets semi-exclusive spam access, then it's sold to several other spammers.
__________________




Contact me: \\// E: webmaster /at/ unprofessional.com

06-19-2010, 09:20 AM   #8
gleem
Confirmed User
Join Date: Jun 2001
Location: Sunny Land
Posts: 5,593
Quote:
Originally Posted by holograph View Post
if that's the case i would recommend seeding fake affiliate emails as well.
affiliate lists in my case were not touched through every test we had over the last year. Not valuable enough for em to bother with. These guys are only after paysite members email addresses, they don't take their logins, so they know what's worth $$ and don't bother with anything else.
__________________




Contact me: \\// E: webmaster /at/ unprofessional.com

06-19-2010, 09:35 AM   #9
SmokeyTheBear
►SouthOfHeaven
Join Date: Jun 2004
Location: PlanetEarth MyBoardRank: GerbilMaster My-Penis-Size: extralarge MyWeapon: Computer
Posts: 28,609
Quote:
Originally Posted by gleem View Post
NATS & non nats sponsors are getting their members stolen this time. From my tests they are just cracking SQL DB's logins. Definitely not just a NATS issue, although I'm not saying it's not part of it.

My theory based on tests and collecting info on this problem is there is a group that is cracking program owners DB's by any means, including php exploits, apache/sql/smarty exploits, and then straight up brute force cracking DB's and affiliate software admins if that fails. This has been going on for over a year. Once they gain access they are selling the lists to the same group of affiliates, one gets it exclusively for about a week or two, then it's sold to another affiliate who gets semi-exclusive spam access, then it's sold to several other spammers.
seems to me if there is no common factor ( nats , wordpress, etc ) then why would the hacker not go for something more valuable. Usually when semi-valuable info gets hacked , it is something tied to a software bug/hole.
__________________
hatisblack at yahoo.com

06-19-2010, 09:39 AM   #10
gleem
Confirmed User
Join Date: Jun 2001
Location: Sunny Land
Posts: 5,593
Quote:
Originally Posted by SmokeyTheBear View Post
seems to me if there is no common factor ( nats , wordpress, etc ) then why would the hacker not go for something more valuable. Usually when semi-valuable info gets hacked , it is something tied to a software bug/hole.
what is more valuable than lists of emails they have buyers for and the list being top tiered when it comes to spamming since every person is guaranteed (almost) to have a credit card and willing to join a porn site within the last few days. Stealing card data might be a bit riskier than just yanking email addresses from sponsors who will prolly not call the FBI for that crime. I don't keep CC data on any of my servers, but a crime like that brings a world of shit on your head.
__________________




Contact me: \\// E: webmaster /at/ unprofessional.com

Last edited by gleem; 06-19-2010 at 09:40 AM..

06-19-2010, 09:46 AM   #11
SmokeyTheBear
►SouthOfHeaven
Join Date: Jun 2004
Location: PlanetEarth MyBoardRank: GerbilMaster My-Penis-Size: extralarge MyWeapon: Computer
Posts: 28,609
Quote:
Originally Posted by gleem View Post
what is more valuable than lists of emails they have buyers for and the list being top tiered when it comes to spamming since every person is guaranteed (almost) to have a credit card and willing to join a porn site within the last few days.
cc data and affiliate data
Quote:
Originally Posted by gleem View Post
Stealing card data might be a bit riskier than just yanking email addresses from sponsors who will prolly not call the FBI for that crime. I don't keep CC data on any of my servers, but a crime like that brings a world of shit on your head.
you do have a point there, although that risk hasn't stopped people before.
__________________
hatisblack at yahoo.com

06-19-2010, 09:49 AM   #12
gleem
Confirmed User
Join Date: Jun 2001
Location: Sunny Land
Posts: 5,593
Quote:
Originally Posted by SmokeyTheBear View Post
cc data and affiliate data


you do have a point there, although that risk hasn't stopped people before.
True, I don't keep CC data on my servers so I can't test if they were going after that as well other than I use my own CC's to do test joins all the time and they haven't been stolen, most sponsors other than huge programs leave the CC data at the gateways.
__________________




Contact me: \\// E: webmaster /at/ unprofessional.com

06-19-2010, 10:39 AM   #13
cwd
Confirmed User
Join Date: Feb 2006
Location: In a dream
Posts: 1,955
What kind of email are they sending?
I received one starting like that:
----
Here is your login information.

Username: daWeXeve
Password: xxxx
Website Location : http://www.lifetimeadultpass.com/
----
From: Customer Suport ([email protected])

06-19-2010, 11:46 AM   #14
Serge Litehead
Confirmed User
Join Date: Dec 2002
Location: Behind the scenes
Posts: 5,190
theoretically, to be able to crack SQL DB's logins one would need to have server access in the first place as SQL servers are not open to receive connections from remote locations by default. I don't know inner workings of paysite scripts and billers how they're tied up together - but i highly doubt it's required to have SQL DB access open for remote servers.
__________________

Last edited by Serge Litehead; 06-19-2010 at 11:50 AM..

06-19-2010, 01:54 PM   #15
Why
MFBA
Join Date: Mar 2003
Location: PNW
Posts: 7,230
Quote:
Originally Posted by SmokeyTheBear View Post
hmm i see nats sites in sig , bad sign. NATS seemed to want nothing to do with finding/exposing/criminally charging the culprits last time. Kind of an open invitation for hackers to try the same hack, especially when they know their target isn't interested in finding them, charging them or exposing holes.
exactly, and all nats did was sue the whistle blower for stating information about the matter. the IP that was hacking all of the servers was in California at a hosting company, would not have been hard to get server logs.... but suing "reporters" in washington was more important. or.... who knows.

06-19-2010, 01:59 PM   #16
Why
MFBA
Join Date: Mar 2003
Location: PNW
Posts: 7,230
Quote:
Originally Posted by SmokeyTheBear View Post
seems to me if there is no common factor ( nats , wordpress, etc ) then why would the hacker not go for something more valuable. Usually when semi-valuable info gets hacked , it is something tied to a software bug/hole.
i guess you don't know much about the value of an ex-member/biller/processor list. there were some old ones that would net $5-10k+ every DAY! that's worth a lot more (money and risk wise) than a bunch of CCs. furthermore, as far as i know, no one has ever been prosecuted for list theft, because it's damned near impossible to prove. while CC theft is much harder to get away with.

customer emails are one of the most valuable assets an adult affiliate program has.... they should protect them.

06-19-2010, 02:00 PM   #17
raymor
Confirmed User
Join Date: Oct 2002
Posts: 3,745
Quote:
Originally Posted by holograph View Post
theoretically, to be able to crack SQL DB's logins one would need to have server access in the first place
Most any PHP script will provide enough access, and by default no password is required to log in to the database. This is due to a widely held misconception about how the default account works.
So default MySQL, not secured by someone who knows what they are doing + any popular PHP script = DB publicly available.


Quote:
Originally Posted by holograph View Post
theoretically, to be able to crack SQL DB's logins one would need to have server access in the first place as SQL servers are not open to receive connections from remote locations by default. I don't know inner workings of paysite scripts and billers how they're tied up together - but i highly doubt it's required to have SQL DB access open for remote servers.
Certainly DB access to remote servers (tcp) should be disabled if possible.
__________________
For historical display only. This information is not current:
support@bettercgi.com ICQ 7208627
Strongbox - The next generation in site security
Throttlebox - The next generation in bandwidth control
Clonebox - Backup and disaster recovery on steroids

06-19-2010, 02:05 PM   #18
PornoStar69
Confirmed User
Join Date: Oct 2008
Location: xxweekxx mothers bed.
Posts: 2,017
Anyone after dating emails? I can acquire several million, im sure they would do well - sample available upon request.
__________________
GFY King?

06-19-2010, 02:16 PM   #19
jigg
Confirmed User
Join Date: Feb 2002
Posts: 2,527
there's no question some programs are either compromised, or are stupid enough selling emails. I've signed up with emails that have odd, hard to guess usernames and they get spam

Last edited by jigg; 06-19-2010 at 02:17 PM..

06-19-2010, 04:56 PM   #20
gleem
Confirmed User
Join Date: Jun 2001
Location: Sunny Land
Posts: 5,593
Quote:
Originally Posted by PornoStar69 View Post
Anyone after dating emails? I can acquire several million, im sure they would do well - sample available upon request.
LOL!
__________________




Contact me: \\// E: webmaster /at/ unprofessional.com

06-21-2010, 08:01 AM   #21
gleem
Confirmed User
Join Date: Jun 2001
Location: Sunny Land
Posts: 5,593
Quote:
Originally Posted by raymor View Post
Most any PHP script will provide enough access, and by default no password is required to log in to the database. This is due to a widely held misconception about how the default account works.
So default MySQL, not secured by someone who knows what they are doing + any popular PHP script = DB publicly available.




Certainly DB access to remote servers (tcp) should be disabled if possible.
Care to expand further on the MySQL default account?
__________________




Contact me: \\// E: webmaster /at/ unprofessional.com

06-21-2010, 08:05 AM   #22
Agent 488
Registered User
Join Date: Feb 2006
Posts: 22,511
these are very serious accusations about nats.

06-21-2010, 08:18 AM   #23
TeenCat
Too lazy to set a koala
Join Date: Jan 2007
Location: CZ/EU forever!
Posts: 16,139
welcome to yesterday
__________________

6bot
/ Coming again very soon!
Svit Zlin Radio 24/7!

06-21-2010, 08:58 AM   #24
gleem
Confirmed User
Join Date: Jun 2001
Location: Sunny Land
Posts: 5,593
Quote:
Originally Posted by Agent 488 View Post
these are very serious accusations about nats.
This isn't about nats, it's about DB hacking and is happening to both NATS/Non nats & custom affiliate scripts.
__________________




Contact me: \\// E: webmaster /at/ unprofessional.com

06-21-2010, 09:05 AM   #25
TeenCat
Too lazy to set a koala
Join Date: Jan 2007
Location: CZ/EU forever!
Posts: 16,139
you can register to public forums, where are hackers playing game like to have control over complete adult business. group of hackers, filling their list of hacked dbs. if there is new program, new job is started and program is hacked in few days. when the hack is compromised for public, they just post the hole and then you wake up and say oooh i am hacked those bastards! some stupid ones are putting to your passfile also logins with ishere and similar passwords, but clever ones are only spamming and making big bucks with fake watches or viagra. and, there is not only one forum where they have control over almost everything ... welcome to the internet people
__________________

6bot
/ Coming again very soon!
Svit Zlin Radio 24/7!

06-21-2010, 10:02 AM   #26
gleem
Confirmed User
Join Date: Jun 2001
Location: Sunny Land
Posts: 5,593
Quote:
Originally Posted by TeenCat View Post
you can register to public forums, where are hackers playing game like to have control over complete adult business. group of hackers, filling their list of hacked dbs. if there is new program, new job is started and program is hacked in few days. when the hack is compromised for public, they just post the hole and then you wake up and say oooh i am hacked those bastards! some stupid ones are putting to your passfile also logins with ishere and similar passwords, but clever ones are only spamming and making big bucks with fake watches or viagra. and, there is not only one forum where they have control over almost everything ... welcome to the internet people
where's this?
__________________




Contact me: \\// E: webmaster /at/ unprofessional.com

06-21-2010, 10:14 AM   #27
TeenCat
Too lazy to set a koala
Join Date: Jan 2007
Location: CZ/EU forever!
Posts: 16,139
Quote:
Originally Posted by gleem View Post
where's this?
cant post and cant share, but not impossible to figure out, three forums in different languages, none of them is english. there is so much valuable informations to throw it out, sorry man ...
__________________

6bot
/ Coming again very soon!
Svit Zlin Radio 24/7!

06-21-2010, 10:27 AM   #28
tonyparra
Confirmed User
Join Date: Jul 2008
Location: In your back seat with duck tape
Posts: 4,568
Quote:
Originally Posted by TeenCat View Post
cant post and cant share, but not impossible to figure out, three forums in different languages, none of them is english. there is so much valuable informations to throw it out, sorry man ...
even if he gave you the forums names it wouldnt make a difference
__________________

High Performance Vps $10 Linode
Manage your Digital Ocean, Linode, or Favorite Cloud Server. Simple, fast, and secure Server Pilot

06-21-2010, 10:45 AM   #29
gleem
Confirmed User
Join Date: Jun 2001
Location: Sunny Land
Posts: 5,593
Quote:
Originally Posted by tonyparra View Post
even if he gave you the forums names it wouldnt make a difference
wouldn't make a difference to know what sites are posted there and what the exploits are?
__________________




Contact me: \\// E: webmaster /at/ unprofessional.com

06-21-2010, 10:53 AM   #30
TeenCat
Too lazy to set a koala
Join Date: Jan 2007
Location: CZ/EU forever!
Posts: 16,139
Quote:
Originally Posted by gleem View Post
wouldn't make a difference to know what sites are posted there and what the exploits are?
i have been doing this for free, contacted about 50 programs, received about 2 thank replies and about 5 you fucking hacker replies, the rest filled hole and didnt even bothered with reply, i have no reason to do it anymore i have also offered password and exploit reports on 4o1.info, all for free, made some announcements here on gfy, got three programs interested and i am still sending them info, but come on, three programs? no more wasting of time
__________________

6bot
/ Coming again very soon!
Svit Zlin Radio 24/7!

06-21-2010, 11:00 AM   #31
gleem
Confirmed User
Join Date: Jun 2001
Location: Sunny Land
Posts: 5,593
Quote:
Originally Posted by TeenCat View Post
i have been doing this for free, contacted about 50 programs, received about 2 thank replies and about 5 you fucking hacker replies, the rest filled hole and didnt even bothered with reply, i have no reason to do it anymore i have also offered password and exploit reports on 4o1.info, all for free, made some announcements here on gfy, got three programs interested and i am still sending them info, but come on, three programs? no more wasting of time

Well I'd be interested, I'll even send thank you cards
__________________




Contact me: \\// E: webmaster /at/ unprofessional.com

06-21-2010, 11:05 AM   #32
TeenCat
Too lazy to set a koala
Join Date: Jan 2007
Location: CZ/EU forever!
Posts: 16,139
Quote:
Originally Posted by gleem View Post
Well I'd be interested, I'll even send thank you cards
well man cant say for 100% but will try to remember your revengebucks when will be checking some of those places, but as i said it is wasting of time now so im doing it once per month or so, will let you know if i see you somewhere anyway ... now i can give you only vip access to saff forum, where most of the hacked passwords ended, so contact me at radimcillik at gmail if you are interested in this. security of your users and affiliates in the first place everyone!
__________________

6bot
/ Coming again very soon!
Svit Zlin Radio 24/7!

06-21-2010, 11:05 AM   #33
tonyparra
Confirmed User
Join Date: Jul 2008
Location: In your back seat with duck tape
Posts: 4,568
Quote:
Originally Posted by gleem View Post
Well I'd be interested, I'll even send thank you cards
i like gleem and i like your program too. you're always pretty level headed.
__________________

High Performance Vps $10 Linode
Manage your Digital Ocean, Linode, or Favorite Cloud Server. Simple, fast, and secure Server Pilot

06-21-2010, 11:20 AM   #34
gleem
Confirmed User
Join Date: Jun 2001
Location: Sunny Land
Posts: 5,593
Quote:
Originally Posted by TeenCat View Post
contact me at radimcillik at gmail if you are interested in this. security of your users and affiliates in the first place everyone!

Email sent


Quote:
Originally Posted by tonyparra View Post
i like gleem and i like your program too. you're always pretty level headed.
Thanx Tony!
__________________




Contact me: \\// E: webmaster /at/ unprofessional.com

06-21-2010, 11:21 AM   #35
Klen
Join Date: Aug 2006
Location: Little Vienna
Posts: 32,235
Quote:
Originally Posted by gleem View Post
where's this?
It's very easy to find them using google, i found once email database from one big tube site, downloaded it and it was real thing.

06-21-2010, 11:25 AM   #36
TeenCat
Too lazy to set a koala
Join Date: Jan 2007
Location: CZ/EU forever!
Posts: 16,139
Quote:
Originally Posted by gleem View Post
Email sent
email replied, wish you best with your sites everyone!
__________________

6bot
/ Coming again very soon!
Svit Zlin Radio 24/7!

06-21-2010, 12:50 PM   #37
Serge Litehead
Confirmed User
Join Date: Dec 2002
Location: Behind the scenes
Posts: 5,190
lesson from this thread:
- restrict db access only to from known hosts (shut anonymous db access if you have that)
- use complex generated passwords for db login and anything else
- also should consider securing ssh/ftp access
- for commonly used scripts - customize them, change admin url if possible, use strict passwords
what else is missing?
__________________
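
One way to check the first two items of this list, together with the passwordless default account raised in raymor's post (#17), as an added example that is not code from anyone in the thread: audit the account rows of a MySQL server and the `[mysqld]` section of its config file. The sample rows, the `webapp` account and the config text are constructed; the issue labels are hypothetical names chosen here.

```python
LOOPBACK = {"127.0.0.1", "::1", "localhost"}


def parse_mysqld_options(cnf_text: str) -> dict:
    """Collect options from the [mysqld] section of a my.cnf-style file."""
    opts, section = {}, None
    for raw in cnf_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or line.startswith(("!", ";")):
            continue                      # blank, !includedir, ; comment
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section != "mysqld":
            continue
        key, _, value = line.partition("=")
        # MySQL accepts bind_address and bind-address interchangeably.
        opts[key.strip().lower().replace("_", "-")] = value.strip()
    return opts


def audit_accounts(rows) -> list:
    """rows: (user, host, password_hash) tuples taken from mysql.user.

    On MySQL 5.x the hash column is Password; newer releases call it
    authentication_string.
    """
    findings = []
    for user, host, pw_hash in rows:
        account = f"'{user}'@'{host}'"
        if user == "":
            findings.append((account, "anonymous-account"))
        if not pw_hash:
            findings.append((account, "empty-password"))
        if "%" in host:
            findings.append((account, "wildcard-host"))
    return findings


def audit_network(opts: dict) -> list:
    """Flag a TCP listener that is not pinned to loopback."""
    skip = opts.get("skip-networking")
    if skip is not None and skip.lower() not in {"0", "off", "false"}:
        return []                         # TCP listener disabled entirely
    addr = opts.get("bind-address")
    if addr is None:
        return ["bind-address-unset"]     # confirm what the server listens on
    if addr.lower() not in LOOPBACK:
        return [f"non-loopback-bind:{addr}"]
    return []


# Constructed sample rows: (User, Host, password hash).
SAMPLE_ROWS = [
    ("root", "localhost", ""),
    ("", "localhost", ""),
    ("webapp", "%", "*CONSTRUCTED-HASH"),
    ("webapp", "localhost", "*CONSTRUCTED-HASH"),
]

# Constructed config files: one exposed, one pinned to loopback.
EXPOSED_CNF = """
[client]
port = 3306
[mysqld]
bind_address = 0.0.0.0   # listens on every interface
"""
HARDENED_CNF = """
[mysqld]
bind-address = 127.0.0.1
"""

if __name__ == "__main__":
    for account, issue in audit_accounts(SAMPLE_ROWS):
        print(f"{account}: {issue}")
    print(audit_network(parse_mysqld_options(EXPOSED_CNF)))
    print(audit_network(parse_mysqld_options(HARDENED_CNF)))
```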

06-21-2010, 12:59 PM   #38
TeenCat
Too lazy to set a koala
Join Date: Jan 2007
Location: CZ/EU forever!
Posts: 16,139
Quote:
Originally Posted by holograph View Post
lesson from this thread:
- restrict db access only to from known hosts (shut anonymous db access if you have that)
- use complex generated passwords for db login and anything else
- also should consider securing ssh/ftp access
- for commonly used scripts - customize them, change admin url if possible, use strict passwords
what else is missing?
- log all activity in admin areas on your server, get reports when unknown things happens
- do not send password through emails, do not store emails with passwords
- put your own testing real looking combos in htpasswd so you can track the hacks easily
- have all logins with captcha, not only popup 401 window

maybe sounds easy and basic, but those are things how smart kid can take your datas even without knowing any programming language
__________________

6bot
/ Coming again very soon!
Svit Zlin Radio 24/7!

06-21-2010, 01:34 PM   #39
Serge Litehead
Confirmed User
Join Date: Dec 2002
Location: Behind the scenes
Posts: 5,190
Quote:
Originally Posted by TeenCat View Post
- log all activity in admin areas on your server, get reports when unknown things happens
- do not send password through emails, do not store emails with passwords
- put your own testing real looking combos in htpasswd so you can track the hacks easily
- have all logins with captcha, not only popup 401 window

maybe sounds easy and basic, but those are things how smart kid can take your datas even without knowing any programming language
good call, abundance of basic security measures is what provides most vulnerability more often.

06-21-2010, 06:00 PM   #40
gleem
Confirmed User
Join Date: Jun 2001
Location: Sunny Land
Posts: 5,593
Quote:
Originally Posted by TeenCat View Post
- log all activity in admin areas on your server, get reports when unknown things happens
- do not send password through emails, do not store emails with passwords
- put your own testing real looking combos in htpasswd so you can track the hacks easily
- have all logins with captcha, not only popup 401 window

maybe sounds easy and basic, but those are things how smart kid can take your datas even without knowing any programming language
The password trading is of less concern than the emails, gonna have to figure out how to store emails somewhere off the nats DB.
__________________




Contact me: \\// E: webmaster /at/ unprofessional.com