so what options are left?

ehm, *cough* *cough* *cough*

damn, I'm getting a bad throat *cough*

How would someone go about finding where there was an exploit and getting rid of it?

sounds bad

have a drink of water.

Care about your own security, or hire someone if you want to be secure. No other way. And even then, you are NOT going to be unhackable, you'll just patch things faster, close holes faster, and minimise the damage. Live with it, internet is like that.
You should get that cough looked at, especially if you meant to imply they weren't hacked...

By hiring someone that's worth alot more then what people in the industry think they are. Other then that, living in ignorance is possibly the best bet. What you don't know doesn't hurt you.

Please see thread

http://www.gfy.com/showthread.php?t=779742

issue was knows to them LONG ago but rather then notifying customer they preferred the scare tactics... called Caz and threaten to sue.

great way to conduct business. :2 cents:

Your post is ignorance at its very finest. Most people here are not infuriated that the NATS script is hackable, they are infuriated, and rightly so, that the exploit may have been known to the developers for quite some time and nothing was done about it.

John's many posts have me feeling like a mug especially considering that he feels the problems was not widespread and he only informed certain clients who he thought it might have affected. Why not email all clients and request that they submit a ticket for an upgrade and have the TMM techs check it across the board? This could have been prevented if they had informed all clients from the get go.

Your mightier than thou attitude about how little and how much people know or don't know is what is funny about this thread.

...

Called Caz and threaten to sue for what - Letting people know about a serious exploit?? wtf

As the day goes on and more people keep coming to me saying "Thank You" it just keeps getting better and better. I'm at a loss for words right now. :disgust

http://corecoder.com/gfy/validate_access.jpg

Have your system admin monitor all admin accounts. By doing that you will have no more problems from this.

Seeing as you have no idea what i do, you're not only funny, but ignorant to that.

Fact 1. Several webmasters in this very thread knew about these issues. They ignored them knowingly (not the nats issue, the issues that their data is leaking)
Fact 2. Several webmasters in this thread have been notified of harvesting emails from their databases in the past and have chose to ignore it (unrelated to the problem in the thread, but they have the hollier then thou attitude)
Fact 3. There's alot more webmasters on this board that know their databases are compromised and still chose to ignore it.

Now crawl back to where you came from since you have no idea what im talking about. Nats was once a good product while Nathan was around. I don't like John from TMM, nor do i like Garry from MPA, nor do i like any other software producer more then the other. I'm just stating facts. Facts you have no idea about.

Thank you for this thread.

A real eye opener... and answers a few questions about security that have recently come up!

Hmm??

Here's something about your Fred Schank.

Scroll down to the 3rd post under service providers
http://www.getafreelancer.com/projec...rogrammer.html

"I am the lead programmer for a software company based in NJ. We design backend software for webmasters. I have done the majority of the programming on a CMS geared towards the adult industry. I am interested in finding a few projects to work on, during my free time"

Can't post other forums, so here's screen cap.
http://i15.tinypic.com/6l171gx.jpg

lets see how far this rabbit hole goes...

I didn't think I had to know you to be qualified to answer a post in which you blatantly state that all webmasters in this thread don't care about their security. You don't me or what i do to be qualified enough to make an assertion like that. Why is it so many people, yourself included, seem to think that we should know them and if we don't know them or what they do we should "crawl back into our holes"? What is that all about? Did you develop some miracle drug? Stop apartheid? Maybe brought peace to the world? No? Then i don't give two fucks who you are to be honest .... Jesus, some of you twats have an awfully high estimation of yourselves.

...

This is going to be a loooooooooooooooong thread.

best get your sig spots in and pretend you have somthing important to say on the subject.

Looks like xmass will suck this year for Nats.

OK, "agentGFY", stop the rumour-mongering right there and stop trying to be the big guy. Point me to a single post in this thread that shows a webmaster has known about this issue and ignored it? Or where one has been notified of harvesting emails and ingored it? Your "facts" are without substance.

There are A LOT of responsible programme owners in this industry, some are more conscious and aware about certain matters than others, and nobody has ignored anything.

We did not plan to post in this thread since it had nothing to do about
us. But ShotGun and ladida changed that and their posts needs a reply
from us.

Now I don't want to go in to a discussion about whether this was a hack
or an inside job. But ShotGun and ladida are correct when he say that
any program is hackable. However, they are not correct when they say
that we think that our program cannot be hacked. We are very aware of
this, and have taken all available precautions possible and we continue
to strive to keep up to date on what possible hackers try to achieve. We
even hired two known hackers to try to hack in to our program, and on
top of that when a prominent program moved over to MPA3 we had to have a
3rd party audit company go over the whole source code.

All of this and still I am not saying we are totally un-touchable. No
one is. However, the last two years we have not had one report about
any hacks, we have gotten plenty of hack attempts reported, but no
actual breach. But maybe the most important thing is that when and if
we do get any breach we stop everything else we are doing to fix and
update all programs.

I can also guarantee you all that we do not have any one password
working as master access to all MPA3 installs.

yeah seems it's overdue imo..

We were affected by this as well.... thanks to Razorsharpe for calling me today to bring this to my attention. We'll be talking to the NATS guys tomorrow and hoping to have this resolved. Nats isn't exactly cheap, I really shouldn't have to deal with problems like this.

And the list grows - "But its not widespread" pffff

Have a good Holiday people - It's family time :thumbsup

I sure hope all the techs at NATS got their Xmas shopping done early - doesn't look like they'll have time this weekend.

I truly hope that Swiftwill being diligent with security, covered our ass with this.

You sure yap'd alot of nonsense in that post of yours, however, i don't think anything, unlike you. I know, since i have been shown emails where program owners have been notified, or i have notified them myself, and they ignored problem, untill it is brought up in a thread like this for example (i didn't say ALL, nor did i mean you since i dont even know you). So again, think before you speak, or don't speak at all, at least don't attack the person you know nothing about.

I don't have to point you anywhere since i dont owe you anything. I trade info, and you are not on my list of clients. Those that i speak of know it's them and they won't dispute my post. If they do, it'll get even funnier. I just stated how things are, whether you chose to believe it or not, it's your business, but i'm not gona stand by when clueless people attack me for what i know.


Furthermore, there's alot of backstabbing in this thread from people that supposedly "want to help". So nats got hacked. WOOO HOOO... What do you (or other in the thread) know exactly of the time that Mansion got hacked? Strongbox? Sitedepth? AdultWebware? Or any other shit that people use?
So some are furious that they have not been notified? LOL. Get a grip. Ofcourse John is not gona make a public statement their server is compromised (if it is), or that they have a problem in the code. It'd be a suicide. Same as when any other porn company gets hacked, you don't see a public apology here that people's emails/personal info got harvested do you? No, they fix the shit and move on (or don't even fix it and blame someone else). Or when software companies fix faults in their software on your server without you even knowing that it was a live exploit through which your server got hacked?

You don't really need a Nats tech to resolve this.

Re-read through the thread, as some users posted instructions on how to deny Fred from gaining access to the admin

I would hope all of you who have been affected will contact the authorities about this. Whoever did this has to be somewhat knowledgeable with the industry. A run-of-the-mill hacker would have harvested the CC data as well as the e-mail data. The hacker knew what they could and couldn't get away with.

I'd suggest looking at the spam e-mails you received following the member signups. See if there is a common sponsor or theme to those spams. See if you can get the affiliate data from that particular sponsor. It shouldn't be too difficult to see who profited off this data.

ccbill is coming out with their new cascading system right on time..

Question for NATS sponsors. Would this have given them access to affiliate data? We promote a lot of NATS sponsors and store not only our business information but bank information and our password. I just want to know if they can see that and if so, we will change the payment method until the issue is resolved.

So he works for TMM?

Glad I dont use Nats

Requires quoting for a very good point - a lot of household names in there. They need dropping at your front door. Cease and assist as a wise man once said (earlier today) :2 cents:

150 exploits

Definitely did, but don't know if he does now or not.. ICQ him & ask him.

me too

problem is i promote some nats sites, and if members are getting spam due to this, they will cancell. As such I will have lost re-bills from promoting these sites.

almost.

you got 152 spot.

you need to post quicker.

I wiped him out awhile ago already. I want the tracking of the IPs of who logged in - and there, I do need a tech ;)

anyone have any success with this?

Our logs reflect the same thing

67.84.12.95 - 2007-12-21 17:52:52
67.19.188.250 - 2007-12-21 16:20:45
67.19.188.250 - 2007-12-21 10:20:46
67.19.188.250 - 2007-12-21 04:20:45
67.19.188.250 - 2007-12-20 22:20:46
67.19.188.250 - 2007-12-20 17:54:53
67.19.188.250 - 2007-12-20 16:20:45
67.19.188.250 - 2007-12-20 10:20:45
67.19.188.250 - 2007-12-20 04:20:46
67.19.188.250 - 2007-12-19 22:20:46
67.19.188.250 - 2007-12-19 17:54:54
67.19.188.250 - 2007-12-19 16:20:45
67.19.188.250 - 2007-12-19 10:20:46
67.19.188.250 - 2007-12-19 04:20:45
67.19.188.250 - 2007-12-18 22:20:45
67.19.188.250 - 2007-12-18 17:51:01
67.19.188.250 - 2007-12-18 16:20:46
67.19.188.250 - 2007-12-18 10:20:45
69.94.70.187 - 2007-12-18 04:20:45
65.110.53.100 - 2007-12-17 17:51:16
65.110.53.100 - 2007-12-17 16:20:45
65.110.53.100 - 2007-12-17 10:20:45
65.110.53.100 - 2007-12-17 04:20:45
65.110.53.100 - 2007-12-16 17:51:16
65.110.53.100 - 2007-12-16 16:20:46
65.110.53.100 - 2007-12-16 10:20:46
65.110.53.100 - 2007-12-16 04:20:46
65.110.53.100 - 2007-12-15 22:20:46
65.110.53.100 - 2007-12-15 17:51:22
207.44.162.119 - 2007-12-14 04:20:46
207.44.162.119 - 2007-12-13 22:20:46
207.44.162.119 - 2007-12-13 17:51:14
207.44.162.119 - 2007-12-13 16:20:46
207.44.162.119 - 2007-12-13 10:20:45
207.44.162.119 - 2007-12-13 04:20:45
207.44.162.119 - 2007-12-12 22:20:46
207.44.162.119 - 2007-12-12 17:51:05
207.44.162.119 - 2007-12-12 16:20:41
207.44.162.119 - 2007-12-12 10:20:41
207.44.162.119 - 2007-12-12 04:20:41
207.44.162.119 - 2007-12-11 22:20:41
207.44.162.119 - 2007-12-11 17:51:03
207.44.162.119 - 2007-12-11 16:20:40
207.44.162.119 - 2007-12-11 10:20:40
207.44.162.119 - 2007-12-11 04:20:40
207.44.162.119 - 2007-12-10 22:20:41
207.44.162.119 - 2007-12-10 17:51:15
207.44.162.119 - 2007-12-10 16:20:41
207.44.162.119 - 2007-12-10 10:20:41
207.44.162.119 - 2007-12-10 04:20:40
207.44.162.119 - 2007-12-09 22:20:41
207.44.162.119 - 2007-12-09 17:51:01
207.44.162.119 - 2007-12-09 16:20:41
207.44.162.119 - 2007-12-09 10:20:41
207.44.162.119 - 2007-12-09 04:20:42
207.44.162.119 - 2007-12-08 22:20:42
207.44.162.119 - 2007-12-08 17:51:03
207.44.162.119 - 2007-12-08 16:20:47
207.44.162.119 - 2007-12-08 10:20:46
207.44.162.119 - 2007-12-08 04:20:47
207.44.162.119 - 2007-12-07 22:20:47
207.44.162.119 - 2007-12-07 17:51:20
207.44.162.119 - 2007-12-07 16:20:46
207.44.162.119 - 2007-12-07 10:20:46
207.44.162.119 - 2007-12-07 04:20:47
207.44.162.119 - 2007-12-06 22:20:47
207.44.162.119 - 2007-12-06 17:51:13
207.44.162.119 - 2007-12-06 16:20:47
207.44.162.119 - 2007-12-06 10:20:48
207.44.162.119 - 2007-12-06 04:20:47
207.44.162.119 - 2007-12-05 22:20:47
207.44.162.119 - 2007-12-05 17:51:09
207.44.162.119 - 2007-12-05 16:20:47
207.44.162.119 - 2007-12-05 10:20:47
207.44.162.119 - 2007-12-05 04:20:46
207.44.162.119 - 2007-12-04 22:20:47
207.44.162.119 - 2007-12-04 17:51:37
207.44.162.119 - 2007-12-04 16:20:51
207.44.162.119 - 2007-12-04 10:20:51
207.44.162.119 - 2007-12-04 04:20:50
207.44.162.119 - 2007-12-03 22:20:51
207.44.162.119 - 2007-12-03 17:51:10
207.44.162.119 - 2007-12-03 16:20:50
207.44.162.119 - 2007-12-03 10:20:51
207.44.162.119 - 2007-12-03 04:20:51
207.44.162.119 - 2007-12-02 22:20:51
207.44.162.119 - 2007-12-02 17:51:40
207.44.162.119 - 2007-12-02 16:20:51
207.44.162.119 - 2007-12-02 10:20:51
207.44.162.119 - 2007-12-02 04:20:51
207.44.162.119 - 2007-12-01 22:20:51
207.44.162.119 - 2007-12-01 17:51:04
207.44.162.119 - 2007-12-01 16:20:50
207.44.162.119 - 2007-12-01 10:20:51
207.44.162.119 - 2007-12-01 04:20:50
207.44.162.119 - 2007-11-30 22:20:51
207.44.162.119 - 2007-11-30 17:51:32
207.44.162.119 - 2007-11-30 16:20:51
207.44.162.119 - 2007-11-30 10:20:51
207.44.162.119 - 2007-11-30 04:20:52
207.44.162.119 - 2007-11-29 22:20:51
207.44.162.119 - 2007-11-29 17:51:18
207.44.162.119 - 2007-11-29 16:39:51
207.44.162.119 - 2007-11-28 17:51:25
207.44.162.119 - 2007-11-27 17:51:25
207.44.162.119 - 2007-11-26 20:24:22
207.44.162.119 - 2007-11-26 20:11:53
207.44.162.119 - 2007-11-26 17:51:29
207.44.162.119 - 2007-11-25 17:51:27
207.44.162.119 - 2007-11-25 16:20:50
207.44.162.119 - 2007-11-25 10:20:51
207.44.162.119 - 2007-11-25 04:20:51
207.44.162.119 - 2007-11-24 22:20:51
207.44.162.119 - 2007-11-24 17:51:09
207.44.162.119 - 2007-11-24 16:20:55
207.44.162.119 - 2007-11-24 10:20:56
207.44.162.119 - 2007-11-24 04:20:55
207.44.162.119 - 2007-11-23 22:20:56
207.44.162.119 - 2007-11-23 17:51:08
207.44.162.119 - 2007-11-23 16:20:56
207.44.162.119 - 2007-11-23 10:20:55
207.44.162.119 - 2007-11-22 18:03:46
207.44.162.119 - 2007-11-22 17:51:05
207.44.162.119 - 2007-11-22 04:26:26
207.44.162.119 - 2007-11-21 22:26:25
207.44.162.119 - 2007-11-21 18:13:02
207.44.162.119 - 2007-11-21 17:51:08
207.44.162.119 - 2007-11-20 17:51:13
207.44.162.119 - 2007-11-19 21:53:46
207.44.162.119 - 2007-11-19 17:51:19
207.44.162.119 - 2007-11-18 17:51:26
207.44.162.119 - 2007-11-17 17:51:14
207.44.162.119 - 2007-11-17 13:20:42
207.44.162.119 - 2007-11-17 09:09:50
207.44.162.119 - 2007-11-16 17:51:15
207.44.162.119 - 2007-11-15 17:51:46
207.44.162.119 - 2007-11-15 09:11:16
207.44.162.119 - 2007-11-15 07:50:05
207.44.162.119 - 2007-11-14 17:51:15
207.44.162.119 - 2007-11-13 17:51:29
207.44.162.119 - 2007-11-13 15:31:13
207.44.162.119 - 2007-11-12 17:52:06
207.44.162.119 - 2007-11-12 15:16:36
207.44.162.119 - 2007-11-12 09:13:52
207.44.162.119 - 2007-11-12 06:56:56
207.44.162.119 - 2007-11-12 06:43:06
66.118.176.86 - 2007-11-12 06:05:00
66.118.176.86 - 2007-11-12 06:01:55
67.84.12.95 - 2007-10-30 12:52:13
67.84.12.95 - 2007-07-18 14:50:26
67.84.12.95 - 2007-07-18 14:48:20
67.84.12.95 - 2007-07-18 14:35:07
67.84.12.95 - 2007-07-18 11:45:29
67.84.12.95 - 2007-07-18 11:09:37
207.150.178.60 - 2007-07-17 09:12:36
67.84.12.95 - 2007-07-16 16:55:25
207.150.178.60 - 2007-07-16 13:19:20
207.150.178.60 - 2007-07-16 10:48:07
207.150.178.60 - 2007-07-16 07:25:33
207.150.178.60 - 2007-07-16 06:28:05
67.84.12.95 - 2007-07-14 14:26:22
67.84.12.95 - 2007-07-14 14:26:16
67.84.12.95 - 2007-07-14 14:25:42
67.84.12.95 - 2007-07-14 13:09:13

I doubt the real Fred is doing the hack. I mean, why would he use his real name?

I actually banned the account - although John said I could remove him:
http://www.gfy.com/showpost.php?p=13548415&postcount=84

Quote:
Originally Posted by Trixxxia
John - can I remove the user?

Yes, you can of course.