Quote:
He hasn't posted on that forum since august and then that freelance job thing in Sept. Hacker or whoever is using his name or whatever.. who fucking knows |
Good luck to all parties involved in getting this matter sorted out.
|
Quote:
Shit John, you're turning into a PR pro following all the rules (That's a compliment btw) |
I finally just saw where someone accused their lead programmer of being a smoking gun... Now that is funny.
|
Fred is the lead programmer of CARMA and NATS at TMM.
It's probably normal that admin accounts are under his name, it would be the most logical. I don't think you can conclude that it's Fred that's doing it, simply because that's the name on the admin account. As if you'd leave your full name on your own hack.. |
Quote:
i think that would be a bit premature of a guess as well, but it's obvious his account was compromised. you would think as head programmer he might have built in some safeguard to keep his own account in check.. certainly not allowing it to login to multiple nats sponsors at the same time every few minutes and get data. |
good to see NATS is finally doing something to fix this for everyone...
it's a bit overdue tho... |
i *may* have always been under the understanding that the processors sold off their email lists... i *may* have heard this from many webmasters that it *may* be an assumed occurrence.. that's all i will say
*disclaim the above is not implying, implicating, suggesting or accusing anyone of doing anything uncouth or unlawful. the above is simply things one *may* have heard thru the 'grapevine' |
Of course.
It was the lead admin's account but it was not him and uhh uhh... How Convenient! If I knew that people were really that easy to pull one over on I would certainly be a lot wealthier today. ROFLMAO! I mean NATS is a top notch crew it was just a glitch! |
surely i can't be the only one who may have hypothetically heard for years of the availability of processor dbases for a hefty price?
|
Quote:
One thing that surprised me was seeing that the guy was looking for side jobs on a rentacoder type site. I have 2 full time programmers i keep real busy. It just seemed odd to me that if he is the head guy he would have extra time on his hands to look for side jobs. Maybe I am the only one to think that but that was my opinion when i read that part. |
Count me in too...
NATS was originally installed on my server in 2005. The account they created during the original install, is the one that got replaced by "Fred Schank". I won't go into details or opinions, but if i remember correctly it was a very generic username/password that was probably easily cracked. |
I nominate this thread for DRAMA of the year award.
|
Quote:
Not everyone is as big of an arsehole as you are :) |
Quote:
i can't believe so many people in this industry don't and refuse to believe that. |
I was looking for a fake account to post under, then thought what the fuck.
Here's where it stands. There are 2 scenarios:
1- Internal Job. Won't even speculate on this, I've got nothing to say. It's just an option.
2- Exploit. If it's an exploit, it'll be coming in via SQL injection attacks. I know this, because [as demonstrated] previously, NATS filtering of $_REQUEST variables has been incredibly poor. In what I've glimpsed of source code, and played with [I'm by no means a 'black hat', but I know an exploit when I see one] - they weren't even using mysql_real_escape_string for passing strings to the databases. 6-12 months ago I did a POC where I dropped an entire database by injecting the SQL through a NATS [or CARMA, can't remember] URL. I notified them via ticket. Have things improved? Not sure.
So, if it's as above, it doesn't matter how good your sql restrictions are, because the SQL requests come from the localhost anyhow. It's easily conceivable that you can have full control over the database, hence the creation / deletion of accounts. |
3- Generic admin username/password created by installer. For example, if i remember correctly:
Username: (employee/installer name)
Password: (i won't post on a public board, but also very generic)
If this employee used the same technique on several installs, i could see a problem... This could also explain why the problem is small scale. |
Quote:
However people have pointed out in this thread that the account is reappearing after deletion. |
http://img265.imageshack.us/img265/7421/grabwl0.gif
Hit stats for a NATS sponsor. 2006. Hmm. This is thin, thin 'evidence' though. |
Quote:
Do you hear that? That is the sound of a company lawyering up!!! Follow the money.... |
Quantum I was being sarcastic above there fella.
I raged about some things regarding NATS I was even banned for it in the past. Do a history on John Albright here in GFY. Ya will know where I stand about all this. All I am saying now is, none of this surprises me in the least. |
Quote:
so shouldn't all NATS program owners be checking their server stats now for that IP? |
there's no stopping this thread is there
|
Quote:
If you reread the thread again, I think you'll find it's other, non-TMM IPs that are the problem. |
owning a hosting company or affiliate software company would be about as stressful as it gets in this industry.
what if this isn't a hack of NATS but a new or even unknown exploit of mysql or apache - then NATS is just an innocent bystander and hosting companies are as much or more responsible? |
I'd say about 70% of the nats programs I sign up to (each with a very unique email address just for that program)... within about 3-5 weeks I start getting spam on that email address... Been mentioning it to some programs for a long time now but no one knows what to do about it... However... When I signed up to topbucks as a member.. within 4 weeks I was getting spam on that unique email address.. processor Epoch... signed up to silvercash as a member.. within 4 weeks I was getting spam on that unique email address.. processor Epoch... I think the issue isn't just tied to 1 thing.
|
Quote:
Furthermore, if it were an issue specific to mysql or apache then the internet itself would be ablaze with speculation about it in more than the adult affiliate sector. ... |
Quote:
If there is anyone that needs to think before they speak, it's you. You're sounding more of an idiot with each passing post. ... |
Quote:
:2 cents: |
Okay, it seems banning the account makes no difference as the person is still able to login:
67.19.188.250 - 2007-12-22 09:30:32
67.19.188.250 - 2007-12-22 03:30:31
67.19.188.250 - 2007-12-22 00:23:23
I submitted a ticket to TMM yesterday telling them I could not secure the admin via IP since i run on a dynamic IP. They said they couldn't help me till tomorrow. I said it was serious and they said if I had banned the account it would be fine. Obviously not the case. ... |
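A check along the lines of the log review in the post above, added here as an example (not code from any poster or from NATS): it parses login records in the `IP - timestamp` form quoted above and flags logins from outside an operator allowlist and logins dated after the account was banned. The allowlist network, the `203.0.113.10` entry and the ban time are constructed assumptions; the post gives none of them.

```python
import re
from datetime import datetime
from ipaddress import ip_address, ip_network

# Login records in the "IP - YYYY-MM-DD HH:MM:SS" form quoted in the thread.
RECORD = re.compile(
    r"(\d{1,3}(?:\.\d{1,3}){3}) - (\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})")

def parse_logins(text):
    """Return (ip, datetime) pairs, oldest first; malformed entries are skipped."""
    out = []
    for ip, ts in RECORD.findall(text):
        try:
            out.append((ip_address(ip),
                        datetime.strptime(ts, "%Y-%m-%d %H:%M:%S")))
        except ValueError:  # e.g. an octet above 255 or an impossible date
            continue
    return sorted(out, key=lambda r: r[1])

def audit(text, allowed_nets, banned_at=None):
    """Flag logins from outside allowed_nets and logins after the account ban."""
    nets = [ip_network(n) for n in allowed_nets]
    findings = []
    for ip, when in parse_logins(text):
        reasons = []
        if not any(ip in n for n in nets):
            reasons.append("source outside allowlist")
        if banned_at is not None and when >= banned_at:
            reasons.append("login after account was banned")
        if reasons:
            findings.append((str(ip), when.isoformat(sep=" "), reasons))
    return findings

# Sample input: the three entries from the post plus one constructed entry
# from a constructed allowlisted address (203.0.113.10, documentation range).
SAMPLE = ("67.19.188.250 - 2007-12-22 09:30:32 "
          "67.19.188.250 - 2007-12-22 03:30:31 "
          "67.19.188.250 - 2007-12-22 00:23:23 "
          "203.0.113.10 - 2007-12-21 18:00:00")

if __name__ == "__main__":
    # banned_at is an assumed value; the post does not state when the ban happened.
    for finding in audit(SAMPLE, ["203.0.113.0/24"],
                         datetime(2007, 12, 22, 1, 0, 0)):
        print(finding)
```

A login flagged as occurring after the ban means the ban did not invalidate whatever credential or session is in use, so the next step is rotating every admin credential rather than relying on the ban alone.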
Good luck to all
|
Quote:
But then, when a program gets hacked through other means than nats, and their whole customer base with info gets stolen, and affiliate data gets stolen, would they also need to issue such a statement? Informing all of the affiliates that the data might be breached and that they should change their passwords? Hmm.. Double standards? @RazorSharpe Buuuhuuu, did i burst your bubble of the perfect world? |
Change your own admin pass after you deleted the admin account used to get in (if you haven't already)
If the attacker was able to get in to gank emails etc. Chances are he has your username/pass as well. I've never used nats so I'm not sure if it's possible with the account they had but to be safe... |
Quote:
Is it not possible to .htaccess protect the admin-area of NATS as well, as an added layer of security on top of limiting the User-IP NATS internally? Just an idea. I'm not running NATS as Admin so I wouldn't know, so this is just a suggestion. |
The amount of wrong information, assumptions, and completely wrong accusations here is astounding.
This will be my last post in this thread and possibly on this board. I am tired of people running around saying whatever they want and there being no repercussions for it. It is ridiculous and I'm not going to sit here and argue with them. This fully appears to be a compromised password list. It is not an "exploit" in the software. It is not Fred spamming your members, etc. We have changed our policy so that we no longer maintain ANY passwords to ensure this does not happen via us ever in the future. We are also continuing to implement other protective measures. Those of you who have actual valid feedback and comments I appreciate them. Anyone is welcome to contact us regarding this with their questions or concerns and we will be further communicating directly with our clients about it. However as to dealing with the people who make their living making things up about other people, I'm done here. |
Just a simple statement that my momma taught me a long time ago
Why does the farmer let the fox fix the hole in the fence? Im not IMPLYING ANYTHING here guys .... Just looking at the POSSIBILITY not any facts here at all and john why is it immediately blame on all your customers servers and no blame at all on yourself? Im just looking at all this here and I see a lot of people having a problem INCLUDING US ....... And im seeing you blaming us and our servers/hosting its easy to point a finger..... ANYWAYS THAT IS ALL I HAVE TO SAY.... |
Quote:
Quickbuck uses Nats and they said this? wtf |