nudecanada

Anyone notice that Verotel username/passwords are all over password boards?

Their combos are impossible to crack. Yet I see sites with dozens of Vertoel un/pw posted on boards all over the place.

In the Verotel forum, they claim your passwords are being sniffed. I call bullshit on that.

Any ideas as to the how the password traders are getting lists of Verotel un/pwd's? could it be from Verotel themselves?

doober

like fuckig crazy in the past 24hrs
wtf is going on?

nudecanada

Something is messed up.

They are not being brute forced. No one is running a bot against your sites trying to guess combos.

They are not username/passwords taken from a wordlist

These are username/passwords that were:

A: sniffed, as your browser passes them in plain text. I am not a nerd, but I believe someone would have to be sniffing packets on the subnet your server is on in order to do this. (highly unlikely)

B: Verotel has some naughty employees (possible, but doubtful)

C: Their servers have been hacked, or backdoored (my guess)

Thing is, the usernames and passwords are of paying, legit customers. They haven't been added to your password file by an exploit of the verotel scripts on your server. And it isn't a few here and there. It is every username/password that Verotel has in your password file.
The odds of that many un/pw combos being brute forced, guessed, or sniffed are nil. These usernames/passwords are being leaked from Verotel's end.

Wutz up, Verotel? Care to come clean on this?

Shoplifter

There is something going on. I had a talk with their support two days ago after I found that our join pages had suddenly stopped working and were returning an improperly formatted html error.

We couldn't find any errors at all and could only get it working again if we redid our join page with just one button.

Now the original join pages are working again today with no html error. Maybe someone was sniffing or capturing at the source...

doober

anyone else care to comment?

Perhaps verotel would like to say something?

Jizar II

Carders?

chrisp420

lol thinking about passwords being sent in clear text...

a popular "ex-AVS" if you want to call it that, passes all usernames and passwords clear text in URL strings. I notifed these people months ago, and its clear they still don't have it fixed.

all these urls get put into your weblogs, so if you really, really want to know who it is, and have avs traffic, grep out the active avs programs and inspect your logs. Its quite clear.

security seems to lack on programs, and most dont seem to care..

__________________
icq: 327189899

nudecanada

I hope not.

We are talking dozens of username/password combos for one site alone.

I don't think a carder is going to risk burning up that many cc #'s on one site.

doober

how the hell can this many passwords be comprimised?
This is starting to piss right the fuck off!!!!

SoundMan

verotel sux

borys

Most likely the site's server got hacked and their passfile has been stolen. Happens all the time and has nothing to do with their payment processor.

AnalProbe

Ehm...why don't you install SSL on your servers ?

Wouldn't be a bad idea if Verotel did that also.

I run SSL on 3 of my 8 paysites, it takes more time to load, but is way more secure. Only problem is you can't see the variables in the logs.

You can buy a certificate, or generate your own (free).

With the last option you need to convince your customers that they can trust you, but hey, they already did because they signed up...

Good luck.

jMP2

This has happened many time to our site with verotel I believe there is a security leak on their side and their lame ass programmers can't even add a feature to mass change your customers passwords which mean doing them manual one by one thanks goodness for password sentry lol

jMP2

Possible but not in our case we have taken every step imaginable to secure our box, it's only ever verotel that has the problem we also had an independent security audit done. it's coming from verotel directly in my opinion.

nudecanada

Impossible. Verotel chooses the username/password for their customers, and it is an 8 digit numerical username and a 7 digit numerical password.

If you grab a password file, sure you have the username. But you would be running John the Ripper for a long time to match just one password to a username.

Here is a list of usernames/passwords for a Verotel site posted on a password forum. No fuckin way you brute force all these, or decrypt that many passwords if you grabbed the password file without it taking forever. These are for one site...just one!

54186710:8536881
66254348:4923407
57146880:3946144
18108508:3409146
46269084:0312834
52971954:1759943
40883525:6417722
69353718:1652965
42734061:8304793
88769387:8376932
97750246:6404853
41341142:4376507
59109673:5905233
51923266:0223703
43189236:5658497
13292463:5213580
28062497:5097978
77848867:7168417
23843241:7040907
81840365:7525852
45409276:5729683
91562495:5250465
33203969:5637583
08672610:6848214
94001081:5282445
88958193:8600223
30598316:6999388
95794475:9005866
63179474:3016655

SoundMan

yeh there is some new password cracker software .. i got 6 e-mails today on it alone..

nudecanada

Yup. We are running CCBill, IBill, and Verotel on one site. Only the Verotel un/pw'ds have been compromised. Every single one of them.

To me, it is one of two things.
A lot of people are sniffing packets at a lot of ISP's, or these are coming directly from Verotel somehow. I am guessing the latter.

nudecanada

post it. I have used most of them, and no chance in hell of brute forcing a Verotel combination. It would be a fluke to get just one, never mind dozens and dozens of them for one site.

SoundMan

i deleted the e-mails they are popping in like hotcakes..

next time i see one i will post it..

powerbubba

can you name one or two of these password hacking sites? we are in the midst of adding Verotel to our site

__________________
GreatGirls.com
[email protected]
CrowsCrypt.com - Exclusive High Quality Goth
www.crowscrypt.com

nudecanada

Here's one
http://www.losena.ru/forum/phpBB2/viewtopic.php?t=650

of many.....

nudecanada

Cool shit. I would like to see what they have come out with now.

Ic3m4nZ

Everything is crackable smartass.

jimboc

They might have figured the cost of fixing the problem / time spent and mass changing password outways the cost of doing nothing.

__________________

powerbubba

interesting board, interesting how they a clickable link directly off the board, when I used to look at our raw log files, I seldom found what was linking to us (referrer info passed by the browser)

__________________
GreatGirls.com
[email protected]
CrowsCrypt.com - Exclusive High Quality Goth
www.crowscrypt.com

JDog

Isn't MD5, which .htpasswd files password fields uncrackable, or has somebody cracked them?

jDoG

__________________
NSCash now powering ReelProfits.com
ALSO FEATURING: NSCash.com :: SoloDollars.com :: ReelProfits.com :: BiminiBucks.com :: VOD
PROGRAMS COMING SOON: Greedy Bucks :: Vengeance Cash
NOW OFFERING OVER 60 SITES
CONTACT :: JAMES SMITH :: CHIEF TECHNOLOGY OFFICER :: ICQ (711385133)

WebDork

Interesting. I have noticed a bucketload increase in traffic on my site in the last few days without any increase in sales (in fact my new sales are practically non existant for the first time in a long time) - anyway checking my logs I found multiple IP's logged in using the same username and pass. Im blaming Verotel...

__________________
Video Ipod Porn Site with Affiliate Program. http://www.podies.com
Free 1:1 Adult Webmaster Banner Exchange.

borys

No, actually Verotel passes are extremely easy to decrypt in JTR beacause they're pure numerical. With standard DES encryption that's done in a few minutes. So when a hacker runs a mixed passfile of Verotel and other billers in JTR, he will get the Verotel passes first.

nojob

this shit is fucked up!!!!!!!! Cant trust no one..

HairToStay

I used Verotel a long time ago, and had the same problem just one time. Is your directory with the text file protected? If I remember right, it logs it to .htpasswd as well as verotellog.txt .... and while you can configure Apache to not allow people to read dot files (.htaccess, .htpasswd), most people don't protect their directories to stop the reading of a plain old text file.

__________________
Make bank by giving your surfers free pics every day and it costs you NOTHING! Use POTD Sponsors to find adult sponsors in more than 75 niches who offer a POTD feature!

nudecanada

Interesting. It's been years since I used that program. But, my password file has easier un/pw than the Verotel ones, and they have not been compromized. Only the Verotel logins have been hacked, and not just one. Everyone of them. The CCBill and Ibill ones haven't been touched.

nudecanada

I know what you are talking about. Our passfile and verotellog.txt aren't even in the home directory on the server.

I still think it is Verotel. Waiting an e-mail response...they haven't replied.

V_RocKs

Is it possibly Verotel was hacked? Maybe. But more often it is problems that have already been stated here. The weakest point in your security is usually being virtual hosted. In most cases someone on that server of anywhere from 10-200 other accounts is a program that will allow someone to access the server as though they were in a telnet session. Other problems would be the ability to read any file that is allowable by the user the web server is running under (your password files for example).

Now, unless you have 500 websites that have the same problem as the one in the previous reply, http://www.cum-alot.net/, then you are probably just experiencing the same phenomina you experience when you buy a Volkswagen Beetle and then notice "Everyone" else is driving one too.

ALL OF THE PAYMENT PROCCESSORS HAVE HAD PROBLEMS AT ONE POINT OR ANOTHER (AND I WILL STRESS ALL OF THEM).

As for verotel passes being in DES format, 99% of your passwords are. It isn't a verotel issue. As for them being numeric, and there for, easier to crack when you have the password file, IT ISN'T VEROTEL'S PROBLEM IF YOU ALLOWED A HACKER TO OBTAIN YOUR PASSWORD FILE! Are they easier to crack? NO! They are not the easiest. The easiest to crack are dictionary passwords. ie, apple, jennaj, pantyman, loosewet, etc... So your IBILL passwords that allow 3 and 4 character passwords are the easiest. After that, anyone who allows less than 8 characters. And even if had an 8 character minimum, I would save time by running only 8 character tries, not wasting time on less than 8 character passwords with the knowledge that you have this requirement.

So the point is? Stop virtually hosting, stop taking your security into your own inexperienced hands, and stop spreading rumors about which you don't know anything about in a first hand way. (Though I will applaud you for having tried JTR, and, it hasn't changed much in the last 5 years).

Big E

Has anyone even vetted Verotel's script to see if there's a security hole?

What's MOST likely happening is that there's a way to insert a username and password remotely, bypassing any security features (injection, etc).

Almost every third party processor script I've ever seen has had holes (or potential holes, some I never even really looked at).

MikeStew

Well, i was using an outdated verotel script 1.1 (1998) but it's the onlyone i can find in the control panel!

The fact : someone got my password file, either from me or verotel servers and i believe i know the source (an irc channel).

the script on my server had a name like this 329489dsjal/4324234241.pl so i hacker couldn't just guess the name!

Talked to ray from strongbox, he installed this great script with an unique type of protection, made a script so i can change all my members passwords and email then, i have to give a thumbs up to ray and strongbox, so far the best!

Ray also told me that there's a "new" verotel script version 2.5(1999), the strange fact is that i can't download this version from verotel's control panel, only the 1.1 version that has alot of holes.

I have to thank Ray cause he installed the new version for me!

The irc channel on irc.thundercity.net is #asp
You can find a lot of sites and crackers online accepting requests!!! I just can't believe...

I know it's not the only source but i believe it's a big source from all the password sites.

Can't we do nothing to shut down this kind of channel/site?

scooby doo as scooby does

Heh, yeah #asp is fucking fantastic. I've never mentioned them on here before, didn't want to spread it around. I check in there once a week or so to see if my sites have been cracked. I'm pretty sure they get a load of pass'es off other sites such as the password forums as well, even cracking around the clock, they don't seem to have enough guys doing it to get 50,000 odd pass'es they always seem to have available. It's a good central place to see if your site has been compromised. I have been known to request one of my sites cracked to check it's security

One other thing to check if you goto #asp, visit a few sites, see how many of them are 'protected' by pennywize, strongbox et all. It's quite an eye opener.

Worth taking an #asp cracking tutorial too, I learn't a lot about protecting my boxes from them.

__________________
In 1904, Charles Newman-Berry connected two abacus's together using specially enhanced GrapeVine thus inventing the first Internet connection.

NEWMAN-BERRY CASH
Paying webmaster since 1904